OpenEMR 6.0.0 – ‘noteid’ Insecure Direct Object Reference (IDOR)

• Exploit Database
• 105 阅读

• 作者： Allen Enosh Upputori
  日期： 2021-09-06
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/50260/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19

  # Exploit Title: OpenEMR 6.0.0 - 'noteid' Insecure Direct Object Reference (IDOR) # Date: 31/08/2021 # Exploit Author: Allen Enosh Upputori # Vendor Homepage: https://www.open-emr.org # Software Link: https://www.open-emr.org/wiki/index.php/OpenEMR_Downloads # Version:6.0.0 # Tested on: Linux # CVE : CVE-2021-40352   How to Reproduce this Vulnerability:   1. Install Openemr 6.0.0 2. Login as an Physician 3. Open Messages 4. Click Print 5. Change the existing "noteid=" value to another number   This will reveal everybodys messages Incuding Admin only Messages