The following key information about the vulnerability can be obtained from this web page screenshot:

1. Vulnerability title:
   - SourceCodester Hospital Management System 1.0 Improper Access Controls

2. Vulnerability description:
   - Insecure Direct Object References (IDOR) vulnerability in Hospital Management System 1.0 allows attackers to permanently delete any patient account.
   - Insecure Direct Object References (IDOR) vulnerability in the "Vaidya Mitra" healthcare Hospital Management System 1.0, specifically in the patient's "Delete Account" feature. The issue arises due to broken access control on the ID parameter, allowing an attacker to delete any patient account permanently.

3. PoC (Proof of Concept) steps:
   1. Login as a patient
   2. Go to
   3. Attempt to delete the account and before confirming with yes intercept the request in Burp Suite
   4. Send the request POST to repeater in Burp Suite
   5. Modify the id parameter value to that of another patient to delete their account permanently

4. PoC Video:
   -

5. Vulnerability source:
   -

6. Submitter:
   - Salah Tayeh (UID 77272)

7. Submission time:
   - 11/10/2024 02:02 AM (7 days ago)

8. Review time:
   - 11/11/2024 09:28 AM (1 day later)

9. Status:
   - Accepted

10. VulDB Entry:
    - 283869 [SourceCodester Hospital Management System 1.0 delete-account.php id improper authorization]

11. Points:
    - 20

This information details the nature of the vulnerability, the attack method, the PoC steps, the vulnerability source, the submitter, the submission and review times, and the VulDB entry and points.
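The broken access control described above, next to a server-side fix, as an added example that is not the application's own code. The `patients` table, the `patient_id` session key and both function names are assumptions made for illustration, and the rows are constructed sample data held in an in-memory SQLite database.

```php
<?php
declare(strict_types=1);
// Added example: table, column, session key and function names are hypothetical.

// Pattern described in the entry: the row to delete is chosen by the
// client-supplied id, with no check against the logged-in patient.
function delete_account_vulnerable(PDO $db, array $session, array $post): bool
{
    $stmt = $db->prepare('DELETE FROM patients WHERE id = ?');
    $stmt->execute([(int)($post['id'] ?? 0)]);
    return $stmt->rowCount() === 1;
}

// Hardened form: the target id comes from the authenticated session only.
// A request whose id differs from the session owner is refused and logged.
function delete_account_hardened(PDO $db, array $session, array $post): bool
{
    $me = $session['patient_id'] ?? null;
    if (!is_int($me)) {
        return false; // no authenticated patient
    }
    if (isset($post['id']) && (int)$post['id'] !== $me) {
        error_log("delete-account: patient {$me} sent id=" . (int)$post['id']);
        return false;
    }
    $stmt = $db->prepare('DELETE FROM patients WHERE id = ?');
    $stmt->execute([$me]);
    return $stmt->rowCount() === 1;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE patients (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO patients VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");
$session = ['patient_id' => 1]; // patient 1 is logged in

// Vulnerable handler deletes patient 2 on behalf of patient 1.
var_dump(delete_account_vulnerable($db, $session, ['id' => '2'])); // bool(true)
// Hardened handler refuses a foreign id and leaves patient 3 in place.
var_dump(delete_account_hardened($db, $session, ['id' => '3']));   // bool(false)
// Hardened handler still lets patient 1 delete their own account.
var_dump(delete_account_hardened($db, $session, ['id' => '1']));   // bool(true)
// Only patient 3 remains.
var_dump($db->query('SELECT id FROM patients')->fetchAll(PDO::FETCH_COLUMN));
```

The refusal log line doubles as a detection signal: a logged-in patient submitting another patient's id does not happen in normal use of the feature.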