| Title | Sanitization Management System v1.0 Insufficient Authorization Controls |
|---|---|
| Description | It was observed that Sanitization Management System v1.0 suffers from insufficient authorization controls whereby an unauthenticated attacker could perform sensitive actions by directly invoking the endpoints, thus gaining full control over the web application.<br>The following functions are affected and could directly be triggered without authentication:<br>1. creation, modification and deletion of privileged users<br>2. access to sensitive information such as inquiries and quote requests belonging to other customers<br>3. deletion and modification of company information<br>While a user would require a valid session ID to access the administrative functions in the browser, it is possible to directly invoke the endpoints using Burp Suite and access the functions without a UI. |
| User | jiajian (UID 34329) |
| Submission | 2022-10-23 06:55 PM (3 years ago) |
| Moderation | 2022-10-24 07:43 AM (13 hours later) |
| Status | Accepted |
| VulDB Entry | 212017 [SourceCodester Sanitization Management System 1.0 weak authentication] |
| Points | 17 |