Authored by Yousef Alraddadi

Online Birth Certificate Management System version 1.0 suffers from an insecure direct object reference vulnerability.

# Exploit Title: Online Birth Certificate Management System - Insecure Direct Object Reference (IDOR)
# Google Dork: N/A
# Date: 2022-9-27
# Exploit Author: yousef alraddadi -
# Vendor Homepage:
# Software Link:
# Tested on: windows 11 - XAMPP
# CVE : N/A
# Version: 1.0

Vulnerability Details

Steps :

1) Log in to the application after register new user

Username: test
Password: 12345

2) Navigate to Birth Reg Form and Click on Manage Details and click any Birth number.

3)In /OBCMS/user/view-application-detail.php?viewid=1, modify the id Parameter to View birthreg details,

First Name, Phone number, and other data