| タイトル | Eastnets PaymentSafe 2.5.26.0 Improper Authorization |
|---|
| 説明 | The application suffers from a Failure to Restrict URL Access vulnerability, allowing unauthorized access to sensitive bank transaction details. An attacker with a valid session can directly access restricted endpoints containing confidential financial data, bypassing intended authorization controls.
Step To reproduce:
1. In the poc, AppSecTest3 user have the access to see the achieved messages while AppSecTest1 user does not have permission of this functionality.
2. Copy and pasting the URL in AppSecTest1 user session gives access to the sensitive details. |
|---|
| ソース | ⚠️ https://drive.google.com/file/d/1WT5mJwL9NvKxBLIIj7TDbeAq6dchs5Gk/view?usp=sharing |
|---|
| ユーザー | kushkira (UID 60170) |
|---|
| 送信 | 2025年02月17日 11:11 (1 年 ago) |
|---|
| モデレーション | 2025年03月01日 08:39 (12 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 298064 [Eastnets PaymentSafe 2.5.26.0 URL /Default.aspx 特権昇格] |
|---|
| ポイント | 20 |
|---|