| タイトル | Sourcecodester Online Exam system using Django V 1.0 Improper Access Controls |
|---|
| 説明 | Title - Privilege Escalation
In this application access controls are not properly in place so attacker with low privilege can escalate to admin privilege and can perform admin level action.
Steps to reproduce:
* Login to the application as student
* In the URL change the student-dashboard to admin-dashboard
* attacker can login to admin with low privilege user and can perform admin level actions
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
PoC Link :- https://drive.google.com/file/d/1hEXfbOOkWdYzaSI6ORQvPGBtn09R12Ui/view?usp=drive_link
Contacted the developer, no response from them
Vulnerable URL :- https://www.sourcecodester.com/python/15382/online-exam-system-python-using-django-framework-free-source-code.html
Please don't post as it is, contains some sensitive information, please let me know if you have any questions ,
Thank you so much. |
|---|
| ユーザー | TheRaghul (UID 75537) |
|---|
| 送信 | 2024年10月21日 19:13 (2 年 ago) |
|---|
| モデレーション | 2024年10月24日 17:39 (3 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 281700 [SourceCodester Online Exam System 1.0 /admin-dashboard 特権昇格] |
|---|
| ポイント | 17 |
|---|