제출 #440799: SourceCodester Hospital Management System 1.0 Improper Access Controls정보

제목SourceCodester Hospital Management System 1.0 Improper Access Controls
설명Insecure Direct Object References (IDOR) vulnerability in Hospital Management System 1.0 allows attackers to permanently delete any patient account. Description. Insecure Direct Object References (IDOR) vulnerability in the "Vaidya Mitra" healthcare Hospital Management System 1.0, specifically in the patient's "Delete Account" feature. The issue arises due to broken access control on the ID parameter, allowing an attacker to delete any patient account permanently. Proof of Concept (PoC): 1. Login as a patient 2. Go to http://localhost/vm/patient/settings.php 3. Attempt to delete the account and before confirming with yes intercept the request in Burp Suite 4. Send the request POST /vm/patient/delete-account.php?id=9 HTTP/1.1 to repeater in Burp Suite 5. Modify the id parameter value to that of another patient to delete their account permanently PoC Video: https://drive.google.com/file/d/1Ce0Zz8ON5AqgP1FBxdhumMJAjOSYcXgZ/view
원천⚠️ https://github.com/Salah-Tayeh/CVEs-and-Vulnerabilities/blob/main/Hospital%20Management%20System%20-%20IDOR%20Causing%20Deletion%20of%20any%20patient%20account.md
사용자
 Salah Tayeh (UID 77272)
제출2024. 11. 10. AM 02:02 (2 연령 ago)
모더레이션2024. 11. 11. AM 09:28 (1 day later)
상태수락
VulDB 항목283869 [SourceCodester Hospital Management System 1.0 delete-account.php 아이디 권한 상승]
포인트들20

Interested in the pricing of exploits?

See the underground prices here!