| タイトル | Script And Tools Online-Travling-System 1.0 Broken Access Control |
|---|
| 説明 | Title of the Vulnerability:
Script And Tools | Online-Travling-System | Broken Access Control In /admin/addpackage.php
Vulnerability Class: Broken Access Control
Product Name: Online-Travling-System
Vendor: https://github.com/scriptandtools/
Vulnerable Product Link: https://github.com/scriptandtools/Online-Travling-System-Php
Technical Details & Description:
The application source code is coded in a way which allows To Access /admin/addpackage.php without Any Verification.
Product & Service Introduction: Online-Travling-System
Observation & Exploitation:
Here,The Vulnerable File Is:
/admin/addpackage.php
Lets Exploit ????????️????:
First,Go To The Vulnerable Location:
Example: http://192.168.0.100:8080/OTS/admin/addpackage.php
See,You Can Add Fraudulent Packages Without Any Login Credentials Or Logging in.
So,This indicates that the /admin/addpackage.php is vulnerable to Broken Access Control As We Can Access An Administrator Feature Without Any Authorization ! |
|---|
| ソース | ⚠️ https://www.websecurityinsights.my.id/2025/04/script-and-tools-online-travling-system_82.html |
|---|
| ユーザー | MaloyRoyOrko (UID 79572) |
|---|
| 送信 | 2025年04月16日 14:51 (1 年 ago) |
|---|
| モデレーション | 2025年04月29日 07:19 (13 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 306503 [ScriptAndTools Online-Travling-System 1.0 /admin/addpackage.php 特権昇格] |
|---|
| ポイント | 20 |
|---|