जमा करें #819157: OUSL-GROUP-BrinaryBrains School-Student-Management-System 1.0 Authentication Bypassजानकारी

शीर्षक	OUSL-GROUP-BrinaryBrains School-Student-Management-System 1.0 Authentication Bypass
विवरण	The application supports automatic login restoration through a cookie named `school_auth`. The `MY_Controller` constructor unconditionally attempts to recover a user session from this cookie via `restore_auth_session_from_cookie()`. The cookie’s integrity is protected by an HMAC-SHA256 signature generated by the method `sign_auth_cookie()`: ```php protected function sign_auth_cookie($role, $user_id) { return hash_hmac('sha256', strtolower($role) . ':' . (int) $user_id, (string) $this->config->item('encryption_key')); } ```
स्रोत	⚠️ https://github.com/OUSL-GROUP-BrinaryBrains/School-Student-Management-System/issues/24
उपयोगकर्ता	Akirazz (UID 97888)
सबमिशन	04/05/2026 10:54 PM (1 महीना पहले)
संयम	30/05/2026 11:31 AM (26 days later)
स्थिति	स्वीकृत
VulDB प्रविष्टि	367421 [OUSL-GROUP-BrinaryBrains School Student Management System तक 1e70e5ad1125b86dca4ee086eb6bb121f17708b6 MY_Controller Login.php sign_auth_cookie role कमजोर प्रमाणीकरण]
अंक	20

Interested in the pricing of exploits?

See the underground prices here!