| शीर्षक | Parsec TrackSYS 11.x.x Direct Request |
|---|
| विवरण | It was not possible to confirm the presence of mechanisms that check whether the user is authorized to carry out certain actions in the system, or whether the user has been authenticated by the application. Because of this, it was possible to export the application's source code.
With the source code in hand you can get information on C#, JavaScript, CSS and much more.
PoC link: https://kiwiyumi.com/post/tracksys-export-source-code/
Font:
- https://cheatsheetseries.owasp.org/cheatsheets/Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet.html |
|---|
| स्रोत | ⚠️ https://kiwiyumi.com/post/tracksys-export-source-code/ |
|---|
| उपयोगकर्ता | Anonymous User |
|---|
| सबमिशन | 12/06/2024 04:39 AM (2 साल पहले) |
|---|
| संयम | 20/06/2024 07:31 AM (8 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 269159 [Parsec Automation TrackSYS 11.x.x pagedefinition पहचान अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|