| Title | SourceCodester Water Billing Management System in PHP/OOP Free Source Code 1.0 Authorization Bypass |
|---|---|
| Description | A critical vulnerability in the Water Billing Management System allows unauthenticated attackers to create new administrative accounts. By sending a specially crafted POST request to the user management endpoint, an attacker can bypass the intended administrative interface and gain full control over the system.<br><br>Vulnerability Description: The file /wbms/classes/Users.php contains a function save (triggered by the parameter f=save) that handles the creation and modification of user accounts. This endpoint lacks a session validation check or middleware to verify that the requester has administrative privileges.<br><br>Because the system uses an OOP approach in which the class method is selected directly by a GET/POST parameter, an external attacker can invoke the save logic without being logged in. By setting the type parameter to 1 (which represents the Admin role in this codebase), the attacker obtains an account with administrative privileges immediately. |
| Source | https://github.com/renzortega1337/Security-Research-/blob/main/Unauthenticated%20Admin%20Creation%20in%20PHP%20System.md |
| User | renzortega1337 (UID 98096) |
| Submitted | 2026-05-08 03:10 PM (27 days ago) |
| Moderation | 2026-05-31 10:24 AM (23 days later) |
| Status | Accepted |
| VulDB Entry | 367515 [SourceCodester Water Billing Management System 1.0 User Management Endpoint Users.php?f=save Privilege Escalation] |
| Points | 20 |
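The pattern the description refers to, as an added illustration rather than the project's own code: a class method is chosen by the `f` request parameter and `save()` trusts the request body for the account's role. The class name `Users`, the method `save`, and the parameters `f=save` and `type` (1 = Admin) come from the advisory; the session key `userdata`, the `username`/`password` fields, the fixed-method dispatcher and the role allow-list are assumptions made for this example. The vulnerable shape is kept beside a hardened one so the missing check is visible.

```php
<?php
// Added example, not code from the Water Billing Management System.
// Assumed: $_SESSION['userdata'] holds ['id' => ..., 'type' => 1|2] for a
// logged-in user; an account row is returned as an array instead of being
// written to a database so the file runs stand-alone.
session_start();

class Users
{
    private const ROLE_ADMIN = 1;
    private const ROLE_STAFF = 2;

    // Vulnerable shape (as described in the advisory): no session check, and
    // the requester picks its own role. An unauthenticated POST with type=1
    // produces an admin account.
    public function save_vulnerable(array $req): array
    {
        return [
            'status'   => 'success',
            'username' => $req['username'] ?? '',
            'type'     => (int) ($req['type'] ?? self::ROLE_STAFF),
        ];
    }

    // Hardened shape: account management requires an authenticated admin
    // session, and the role is validated against an explicit allow-list.
    public function save(array $req): array
    {
        $session = $_SESSION['userdata'] ?? null;
        if (empty($session['id']) || (int) $session['type'] !== self::ROLE_ADMIN) {
            http_response_code(403);
            return ['status' => 'failed', 'msg' => 'Administrative privileges required.'];
        }

        $username = trim((string) ($req['username'] ?? ''));
        $password = (string) ($req['password'] ?? '');
        $type     = (int) ($req['type'] ?? self::ROLE_STAFF);

        if ($username === '' || $password === '') {
            return ['status' => 'failed', 'msg' => 'Username and password are required.'];
        }
        if (!in_array($type, [self::ROLE_ADMIN, self::ROLE_STAFF], true)) {
            return ['status' => 'failed', 'msg' => 'Invalid user type.'];
        }

        return [
            'status'   => 'success',
            'username' => $username,
            // Store a hash, never the submitted password.
            'password' => password_hash($password, PASSWORD_DEFAULT),
            'type'     => $type,
        ];
    }
}

// Dispatcher: map f= to a fixed list of method names instead of calling
// whatever method name the client supplies.
$actions = ['save' => 'save'];
$f = $_GET['f'] ?? '';
if (!isset($actions[$f])) {
    http_response_code(404);
    exit;
}

$users = new Users();
header('Content-Type: application/json');
echo json_encode($users->{$actions[$f]}($_POST));
```

With the hardened `save()`, the same unauthenticated request that the advisory describes receives a 403 before any field is read; the role check sits on the server-side session rather than on anything the client sends, and `type` is only honoured after the caller has already been confirmed as an admin.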