| Titel | Script And Tools Real-Estate-Management-System 1.0 Insecure Direct Object Reference (IDOR) |
|---|
| Beschreibung | #Title of the Vulnerability:
Script and Tools | Real Estate Management System V 1.0 | userdelete.php | IDOR
#Vulnerability Class: Insecure Direct Object Reference (IDOR)
#Product Name: Real Estate Management System
#Version: 1.0
#Vendor: https://github.com/scriptandtools/
#Vulnerable Product Link: https://github.com/scriptandtools/Real-Estate-website-in-PHP
#Technical Details & Description: The application source code is coded in a way which allows : Insecure Direct Object Reference.
#Product & Service Introduction:
Real Estate Management System (Version-1.0)
#Vulnerable File Is:
userdelete.php
#Reproduction:
(1) Choose which user account you want to delete and get his ID
(2) Set his user id here: http://vuln-site/reali/admin/userdelete.php?id=ID
(3) Hit this url and his account will be deleted! |
|---|
| Quelle | ⚠️ https://www.websecurityinsights.my.id/2025/06/script-and-tools-real-estate-management.html?m=1 |
|---|
| Benutzer | MaloyRoyOrko (UID 79572) |
|---|
| Einreichung | 13.06.2025 06:28 (vor 10 Monaten) |
|---|
| Moderieren | 19.06.2025 12:10 (6 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 313325 [ScriptAndTools Real Estate Management System 1.0 User Delete userdelete.php ID erweiterte Rechte] |
|---|
| Punkte | 20 |
|---|