| Title | Username Enumeration in News Portal 1.0 |
|---|---|
| Description | It was possible to enumerate usernames of valid users in an unauthenticated way. The vulnerability occurs in the "check_availability.php" file, specifically in the "username" parameter, where the verification is carried out if the user already exists in the application. PoC: https://youtu.be/n_BfBlsUIN8 Other information: https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/03-Identity_Management_Testing/04-Testing_for_Account_Enumeration_and_Guessable_User_Account |
| Source | ⚠️ https://www.sourcecodester.com/php/16067/best-online-news-portal-project-php-free-download.html |
| User | Anonymous User |
| Submission | 11/02/2023 10:21 PM (3 years ago) |
| Moderation | 12/02/2023 08:36 AM (10 hours later) |
| Status | Accepted |
| VulDB Entry | 220645 [SourceCodester Best Online News Portal 1.0 check_availability.php username information disclosure] |
| Points | 20 |