Institute Admission Software 2.5 suffers from an Insecure Direct Object Reference (IDOR) vulnerability. This critical flaw allows unauthorized users to access, and potentially modify, sensitive data belonging to other applicants or staff.
By manipulating predictable identifiers in URLs or API requests (e.g., changing an application ID number), an attacker can bypass authorization checks. This could expose personal information like names, addresses, academic records, financial details, or even admission decisions of other individuals.
The lack of proper server-side validation means the software fails to verify if the requesting user is truly authorized for the requested resource. This leads to severe privacy breaches, data integrity issues, and a significant security risk for the institution and its applicants.
=============================================================================================================================================
| # Title : Institute Admission Software 2.5 IDOR Vulnerability |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 137.0.1 (64 bits) |
| # Vendor : https://softmaart.com/institute-admission-software.php |
=============================================================================================================================================
POC :
[+] Dorking in Google or other search engine.
[+] Insecure Direct Object Reference : the application suffers from an insecure direct object reference that allows users to access the administrative interface.
[+] Use PayLoad : /admin_panel/header.php
[+] Login : http://127.0.0.1/chinmayadc.edu.in/admin_panel/header.php
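The missing server-side check described above, sketched as a guard for the admin scripts. This is an added example, not the vendor's code: the file name auth_guard.php, the session keys user_id and role, the login.php page and the applications table with its id and applicant_id columns are all assumptions.

```php
<?php
// admin_panel/auth_guard.php (hypothetical file name; added example).
// Assumed: session keys 'user_id' and 'role', a login page at login.php,
// and an `applications` table with `id` and `applicant_id` columns.
declare(strict_types=1);

session_start([
    'cookie_httponly' => true,
    'cookie_samesite' => 'Strict',
    'use_strict_mode' => true,
]);

/** Stop the request unless an authenticated admin session exists. */
function require_admin(): void
{
    if (empty($_SESSION['user_id']) || ($_SESSION['role'] ?? '') !== 'admin') {
        header('Location: login.php', true, 302);
        exit; // without exit the rest of the admin page would still render
    }
}

/** Fetch an application only if the session user owns it or is an admin. */
function load_application(PDO $db, string $rawId): array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false || empty($_SESSION['user_id'])) {
        http_response_code(404);
        exit;
    }
    $isAdmin = ($_SESSION['role'] ?? '') === 'admin';
    // Ownership is enforced in the query itself, not after the fetch.
    $stmt = $db->prepare(
        'SELECT * FROM applications WHERE id = :id AND (applicant_id = :uid OR :admin = 1)'
    );
    $stmt->execute([':id' => $id, ':uid' => $_SESSION['user_id'], ':admin' => (int) $isAdmin]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        http_response_code(404); // same answer for "missing" and "not yours"
        exit;
    }
    return $row;
}

// First statements of header.php and every other admin_panel script:
//   require_once __DIR__ . '/auth_guard.php';
//   require_admin();
```

The guard has to run before any output in each script that is reachable by URL, including include fragments such as header.php, because the web server will serve them directly when requested.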
Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================
Institute Admission Software 2.5 Insecure Direct Object Reference
- Written by: khalil shreateh