| Title | Parsec Automation TrakSYS 11.x.x Direct Request |
|---|---|
| Description | It was not possible to confirm the presence of mechanisms that check whether the user is authorized to carry out certain actions in the system, or whether the user has been authenticated by the application. Because of this, it was possible to export the application’s source code in the export pages endpoint. The application has a similar vulnerability but in another feature (exporting source code) that I reported here: https://kiwiyumi.com/post/tracksys-export-source-code/ It's worth mentioning that an attacker can automate the item in question to extract all the app's code. |
| Source | ⚠️ https://kiwiyumi.com/post/traksys-export-page-code/ |
| User | Anonymous User |
| Submission | 2024-06-21 05:33 (2 years ago) |
| Moderation | 2024-06-29 13:32 (8 days later) |
| Status | Accepted |
| VulDB entry | 270000 [Parsec Automation TrakSYS 11.x.x Export Page TS/export/contentpage ID privilege escalation] |
| Points | 20 |