إرسال #641980: Script And Tools Real Estate Management System 1.0 Broken Access Controlالمعلومات

عنوان	Script And Tools Real Estate Management System 1.0 Broken Access Control
الوصف	Title of the Vulnerability: Real Estate Management System V 1.0 \| /admin/userlist.php \| Broken Access Control\| Found By Maloy Roy Orko Vulnerability Class: Broken Access Control Product Name: Real Estate Management System Vendor: https://github.com/scriptandtools/ Vulnerable Product Link: https://github.com/scriptandtools/Real-Estate-website-in-PHP Vulnerable File/Component: /admin/userlist.php Technical Details & Description: The application source code is coded in a way which allows Broken Access Control in /admin/userlist.php due to CWE-698 Detailed Explanation by AI: https://www.blackbox.ai/chat/326OJs4 Exploitation POC: Step-1: Use No redirect Based Extensions! In my case,I am using DH-Hackbar which has no redirect mode! Step-2: Now visit the vulnerable URL! http://192.168.0.101:8080/reali/admin/userlist.php Step-3: BOOM! You can see the sensitive User information without logging into the admin panel!
المصدر	⚠️ https://www.websecurityinsights.my.id/2025/08/real-estate-management-system-v-10-user.html
المستخدم	MaloyRoyOrko (UID 79572)
ارسال	26/08/2025 06:25 PM (9 أشهر منذ)
الاعتدال	02/09/2025 04:10 PM (7 days later)
الحالة	تمت الموافقة
إدخال VulDB	322197 [ScriptAndTools Real Estate Management System 1.0 /admin/userlist.php Redirect]
النقاط	20

Do you need the next level of professionalism?

Upgrade your account now!