| Title | Script And Tools Real Estate Management System 1.0 Broken Access Control |
|---|
| Description | Title of the Vulnerability:
Real Estate Management System V 1.0 | /admin/userlist.php | Broken Access Control | Found By Maloy Roy Orko
Vulnerability Class: Broken Access Control
Product Name: Real Estate Management System
Vendor: https://github.com/scriptandtools/
Vulnerable Product Link: https://github.com/scriptandtools/Real-Estate-website-in-PHP
Vulnerable File/Component: /admin/userlist.php
Technical Details & Description: The application source code is coded in a way which allows Broken Access Control in /admin/userlist.php due to CWE-698
Detailed Explanation by AI: https://www.blackbox.ai/chat/326OJs4
Exploitation POC:
Step-1: Use No redirect Based Extensions!
In my case, I am using DH-Hackbar which has no redirect mode!
Step-2: Now visit the vulnerable URL!
http://192.168.0.101:8080/reali/admin/userlist.php
Step-3: BOOM! You can see the sensitive User information without logging into the admin panel!
|
|---|
| Source | ⚠️ https://www.websecurityinsights.my.id/2025/08/real-estate-management-system-v-10-user.html |
|---|
| User | MaloyRoyOrko (UID 79572) |
|---|
| Submitted | 2025. 08. 26. PM 06:25 (9 months ago) |
|---|
| Moderation | 2025. 09. 02. PM 04:10 (7 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 322197 [ScriptAndTools Real Estate Management System 1.0 /admin/userlist.php Redirect] |
|---|
| Points | 20 |
|---|
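
The submission attributes the issue to CWE-698 (execution after redirect). As an added example, not code from the submission or from the project, the following heuristic audit script flags PHP `header("Location: ...")` calls that are not immediately followed by `exit` or `die`. The two PHP samples, the session key `admin_id` and the query are constructed for illustration, since the page does not show the source of `/admin/userlist.php`.

```python
import re

# Constructed PHP samples; the project's real userlist.php is not shown on the page.
VULNERABLE = """<?php
session_start();
if (!isset($_SESSION['admin_id'])) {      // hypothetical session key
    header("Location: index.php");        // redirect only, script keeps running
}
$rows = mysqli_query($con, "SELECT * FROM user");  // still sent in the 302 body
"""

HARDENED = """<?php
session_start();
if (!isset($_SESSION['admin_id'])) {
    header("Location: index.php");
    exit;                                 // nothing below runs for anonymous users
}
$rows = mysqli_query($con, "SELECT * FROM user");
"""

REDIRECT = re.compile(r"header\s*\(\s*[\"']\s*location\s*:", re.I)
TERMINATOR = re.compile(r"\s*(exit|die)\b", re.I)


def is_code(line):
    """True for lines that are neither blank nor pure comments."""
    s = line.strip()
    return bool(s) and not s.startswith(("//", "#", "/*", "*"))


def find_unterminated_redirects(php_source):
    """Return 1-based line numbers of Location redirects not followed by exit/die.

    Heuristic, line-based check: it does not parse PHP and assumes the
    redirect target itself contains no ';'.
    """
    lines = php_source.splitlines()
    findings = []
    for i, line in enumerate(lines):
        m = REDIRECT.search(line)
        if m is None:
            continue
        # Text after the header(...) statement's ';' on the same line, then later lines.
        tail = line[m.end():].partition(";")[2]
        nxt = next((l for l in [tail] + lines[i + 1:] if is_code(l)), "")
        if not TERMINATOR.match(nxt):
            findings.append(i + 1)
    return findings
```

Running `find_unterminated_redirects` over each file under an application's admin directory gives a quick list of access-control guards to review by hand.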