| 제목 | Eastnets PaymentSafe 2.5.26.0 Improper Authorization |
|---|
| 설명 | The application suffers from a Failure to Restrict URL Access vulnerability, allowing unauthorized access to sensitive bank transaction details. An attacker with a valid session can directly access restricted endpoints containing confidential financial data, bypassing intended authorization controls.
Step To reproduce:
1. In the poc, AppSecTest3 user have the access to see the achieved messages while AppSecTest1 user does not have permission of this functionality.
2. Copy and pasting the URL in AppSecTest1 user session gives access to the sensitive details. |
|---|
| 원천 | ⚠️ https://drive.google.com/file/d/1WT5mJwL9NvKxBLIIj7TDbeAq6dchs5Gk/view?usp=sharing |
|---|
| 사용자 | kushkira (UID 60170) |
|---|
| 제출 | 2025. 02. 17. AM 11:11 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 03. 01. AM 08:39 (12 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 298064 [Eastnets PaymentSafe 2.5.26.0 URL /Default.aspx 권한 상승] |
|---|
| 포인트들 | 20 |
|---|