| Title | Broken Access Control leads to Account Takeover in Create User with Staff permission |
|---|---|
| Description | Source: https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html
Product: Lost and Found Information System
Version: 1.0
Broken Access Control leads to Account Takeover in Create User with Staff permission
Step 1. Log in to the admin account
Step 2. Go to /admin/?page=user/manage_user and create a new user with type Staff
Step 3. Log in with the Staff account created in step 2
Step 4. Go to /php-lfis/admin/?page=user/manage_user (even though this account has no permission to create users)
Step 5. Create an account with type Administrator
Step 6. Log in to the new admin account, which has full permissions
|
| Source | ⚠️ https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html |
| User | huutuanbg97 (UID 45015) |
| Submission | 2023-05-11 04:22 PM (3 years ago) |
| Moderation | 2023-05-12 08:01 AM (16 hours later) |
| Status | Accepted |
| VulDB Entry | 228886 [SourceCodester Lost and Found Information System 1.0 manage_user privilege escalation] |
| Points | 20 |