Employee Performance Evaluation System version 1.0 suffers from an insecure direct object reference vulnerability.
d7feffe6b7df4745ecce3ee15eecee5fc99d74a154cfa8859c6376490c477665# Exploit Title: Employee Performance Evaluation System 1.0 - Able to delete Admin user from Local account Unauthenticated Insecure Direct Object Reference (IDOR)
# Date: 09/12/2020
# Exploit Author: Manish Solanki
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/14617/employee-performance-evaluation-system-phpmysqli-source-code.html
# Version: 1.0
# Tested on: Windows 10/Kali Linux
# PoC: https://drive.google.com/file/d/1LWU05ocapuoIL1nfqCF8DRu_T2gB-3sQ/view
Steps to Reproduce:
1) Login with Admin Credentials (Email: admin@admin.com Password: admin123)
2) Create Local Employee Account
3) Log Out from Admin Account
4) Now login Local Employee Account
5) Change url to ?page=user_list. Now I am able to delete / change admin user
http://localhost/epes/index.php?page=user_list
6) Now able to access admin privileges account and able to perform edit or delete operation from local account.
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed