| Field | Value |
|---|---|
| Title | Code4Berry Decoration Management System 1.0 Improper Handling of Insufficient Privileges |
| Description | Visiting the /decoration/admin/userregister.php endpoint directly, a basic user has the ability to register new users, admins or superadmins - effectively escalating their own privileges to superadmin through creating a new user with full permissions. It's not really necessary, as you already have all the privileges of a superadmin as a regular user due to the security controls only checking if you have a valid session - you are just missing the links to those actions in your side menu. This endpoint also allows a regular user to delete the profiles of anyone, including admins and superadmins. There is also a functionality to restore blocked users, which is accessible to any regular user that visits the /decoration/admin/deleted_users.php endpoint. This ability is restricted to superadmins; however, it doesn't actually restore the users as the functionality is broken. Due to the coding on the other pages, I believe if the functionality did work, then a regular user could issue the request and un-block a removed user.<br><br>-----<br><br>Also, I submitted a vuln right before this that said it seemed to be a duplicate, as it had the same fields as the first one I submitted, though with a different summary. Here it is again, in case it automatically drops the submission.<br><br>Basic users can access the /decoration/admin/userregister.php endpoint to see a list of all users, admins and superadmins, along with their full names, phone numbers and emails. You can also visit /decoration/admin/deleted_users.php to see the same information about blocked or deleted users on the app. |
| User | scumdestroy (UID 48934) |
| Submitted | 2024-11-12 04:43 AM (1 year ago) |
| Moderation | 2024-11-20 09:11 AM (8 days later) |
| Status | Accepted |
| VulDB Entry | 285500 [Code4Berry Decoration Management System 1.0 User userregister.php privilege escalation] |
| Points | 17 |
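The report's root cause is that the admin pages only verify that a session exists, not what role it carries, so hiding menu links is the only thing separating a basic user from superadmin actions. The guard below is an added illustration of the server-side check that closes that gap; it is not Code4Berry's code, and the session keys, login path and role names are assumptions.

```php
<?php
// Added example, not the vendor's code. Assumes login stores the account id in
// $_SESSION['user_id'] and its role ('user', 'admin', 'superadmin') in $_SESSION['role'].

// Weak guard matching the report: any valid session passes, regardless of role.
function require_login_only(): void
{
    if (empty($_SESSION['user_id'])) {
        header('Location: /decoration/login.php'); // assumed login path
        exit;
    }
}

// Hardened guard: a session must exist AND its role must be on an allowlist.
// Unknown or missing roles are denied rather than accepted, and denials are
// logged so that direct visits to admin endpoints by basic users are visible.
function require_role(array $allowedRoles): void
{
    if (empty($_SESSION['user_id']) || empty($_SESSION['role'])) {
        header('Location: /decoration/login.php');
        exit;
    }
    if (!in_array($_SESSION['role'], $allowedRoles, true)) {
        error_log(sprintf('authz denied user=%s role=%s page=%s',
            $_SESSION['user_id'], $_SESSION['role'], $_SERVER['SCRIPT_NAME'] ?? '?'));
        http_response_code(403);
        exit('Forbidden');
    }
}

// Account creation must also be checked server-side: the caller may not assign a
// role above its own, otherwise an admin could still mint a superadmin.
function can_assign_role(string $callerRole, string $newRole): bool
{
    $rank = ['user' => 1, 'admin' => 2, 'superadmin' => 3];
    return isset($rank[$callerRole], $rank[$newRole])
        && $rank[$newRole] <= $rank[$callerRole];
}

// Usage at the top of userregister.php / deleted_users.php (assumed page names):
session_start();
require_role(['superadmin']);
if (isset($_POST['role']) && !can_assign_role($_SESSION['role'], $_POST['role'])) {
    http_response_code(403);
    exit('Forbidden');
}
```

The same role guard belongs on the delete and restore handlers, since the report notes those are reachable by any session as well.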