| Titre | Script And Tools Real Estate Management System 1.0 Broken Access Control |
|---|
| Description | Title of the Vulnerability:
Real Estate Management System V 1.0 | /admin/userlist.php | Broken Access Control| Found By Maloy Roy Orko
Vulnerability Class: Broken Access Control
Product Name: Real Estate Management System
Vendor: https://github.com/scriptandtools/
Vulnerable Product Link: https://github.com/scriptandtools/Real-Estate-website-in-PHP
Vulnerable File/Component: /admin/userlist.php
Technical Details & Description: The application source code is coded in a way which allows Broken Access Control in /admin/userlist.php due to CWE-698
Detailed Explanation by AI: https://www.blackbox.ai/chat/326OJs4
Exploitation POC:
Step-1: Use No redirect Based Extensions!
In my case,I am using DH-Hackbar which has no redirect mode!
Step-2: Now visit the vulnerable URL!
http://192.168.0.101:8080/reali/admin/userlist.php
Step-3: BOOM! You can see the sensitive User information without logging into the admin panel!
|
|---|
| La source | ⚠️ https://www.websecurityinsights.my.id/2025/08/real-estate-management-system-v-10-user.html |
|---|
| Utilisateur | MaloyRoyOrko (UID 79572) |
|---|
| Soumission | 26/08/2025 18:25 (il y a 10 mois) |
|---|
| Modérer | 02/09/2025 16:10 (7 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 322197 [ScriptAndTools Real Estate Management System 1.0 /admin/userlist.php Redirect] |
|---|
| Points | 20 |
|---|