| タイトル | Script And Tools Real Estate Management System 1.0 Broken Access Control |
|---|
| 説明 | Title of the Vulnerability:
Real Estate Management System V 1.0 | /admin/userlist.php | Broken Access Control| Found By Maloy Roy Orko
Vulnerability Class: Broken Access Control
Product Name: Real Estate Management System
Vendor: https://github.com/scriptandtools/
Vulnerable Product Link: https://github.com/scriptandtools/Real-Estate-website-in-PHP
Vulnerable File/Component: /admin/userlist.php
Technical Details & Description: The application source code is coded in a way which allows Broken Access Control in /admin/userlist.php due to CWE-698
Detailed Explanation by AI: https://www.blackbox.ai/chat/326OJs4
Exploitation POC:
Step-1: Use No redirect Based Extensions!
In my case,I am using DH-Hackbar which has no redirect mode!
Step-2: Now visit the vulnerable URL!
http://192.168.0.101:8080/reali/admin/userlist.php
Step-3: BOOM! You can see the sensitive User information without logging into the admin panel!
|
|---|
| ソース | ⚠️ https://www.websecurityinsights.my.id/2025/08/real-estate-management-system-v-10-user.html |
|---|
| ユーザー | MaloyRoyOrko (UID 79572) |
|---|
| 送信 | 2025年08月26日 18:25 (10 月 ago) |
|---|
| モデレーション | 2025年09月02日 16:10 (7 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 322197 [ScriptAndTools Real Estate Management System 1.0 /admin/userlist.php Redirect] |
|---|
| ポイント | 20 |
|---|