| عنوان | Eastnets PaymentSafe 2.5.26.0 Improper Authorization |
|---|
| الوصف | The application suffers from a Failure to Restrict URL Access vulnerability, allowing unauthorized access to sensitive bank transaction details. An attacker with a valid session can directly access restricted endpoints containing confidential financial data, bypassing intended authorization controls.
Step To reproduce:
1. In the poc, AppSecTest3 user have the access to see the achieved messages while AppSecTest1 user does not have permission of this functionality.
2. Copy and pasting the URL in AppSecTest1 user session gives access to the sensitive details. |
|---|
| المصدر | ⚠️ https://drive.google.com/file/d/1WT5mJwL9NvKxBLIIj7TDbeAq6dchs5Gk/view?usp=sharing |
|---|
| المستخدم | kushkira (UID 60170) |
|---|
| ارسال | 17/02/2025 11:11 AM (1 سنة منذ) |
|---|
| الاعتدال | 01/03/2025 08:39 AM (12 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 298064 [Eastnets PaymentSafe 2.5.26.0 URL /Default.aspx تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|