H8 SSRMS Exploit, 'id' IDOR

# Exploit Title: H8 SSRMS - 'id' IDOR
# Date: 01/31/2021
# Exploit Author: Mohammed Farhan
# Vendor Homepage: https://www.height8tech.com/
# Version: H8 SSRMS
# Tested on: Windows 10


Vulnerability Details
======================
Login to the application
Navigate to Payment Section and Click on Print button.
In QuotePrint.aspx, modify the id Parameter to View User details, Address,
Payments, Phonenumber and Email of other Users

Sponsored Referral

Sponsored Referral

All rights reserved nPulse.net 2009 - 2021
Powered by: MVCP 2.0-RC / ASPF / PHP 7.4 / NGINX / FreeBSD