Submit #294112: Surya2Developer Hostel Management Service 1.0 Sensitive Information Disclosure

Title: Surya2Developer Hostel Management Service 1.0 Sensitive Information Disclosure
Description: An unauthenticated attacker can enumerate passwords and usernames/email addresses on the check_availability endpoint by observing discrepancies in HTTP responses between a POST request with valid emailid or oldpassword value.
Source: https://github.com/blackslim3/cve_sidequest/blob/main/poc/Username_and_Password_Enumeration%20on%20Hostel%20Management%20System%20using%20PHP%20and%20MySQL%201.0.md
User: blackslim3 (UID 64963)
Submission: 06/03/2024 08:49 (1 year ago)
Moderation: 15/03/2024 01:18 (9 days later)
Status: Accepted
VulDB Entry: 256891 [Surya2Developer Hostel Management Service 1.0 HTTP POST Request /check_availability.php oldpassword information disclosure]
Points: 17
