Wednesday, February 17, 2021

H8 SSRMS - 'id' IDOR

# Exploit Title: H8 SSRMS - 'id' IDOR
# Date: 01/31/2021
# Exploit Author: Mohammed Farhan
# Vendor Homepage:
# Version: H8 SSRMS
# Tested on: Windows 10

Vulnerability Details
Login to the application
Navigate to Payment Section and Click on Print button.
In QuotePrint.aspx, modify the id Parameter to View User details, Address,
Payments, Phonenumber and Email of other Users

Copyright © 2020 Cyber Details - Vulnerability Database™

Thanks for everything Templateism - You should have written the code a little more complicated