| Título | Script And Tools Real Estate Management System 1.0 Broken Access Control |
|---|
| Descrição | Title of the Vulnerability:
Real Estate Management System V 1.0 | /admin/userlist.php | Broken Access Control| Found By Maloy Roy Orko
Vulnerability Class: Broken Access Control
Product Name: Real Estate Management System
Vendor: https://github.com/scriptandtools/
Vulnerable Product Link: https://github.com/scriptandtools/Real-Estate-website-in-PHP
Vulnerable File/Component: /admin/userlist.php
Technical Details & Description: The application source code is coded in a way which allows Broken Access Control in /admin/userlist.php due to CWE-698
Detailed Explanation by AI: https://www.blackbox.ai/chat/326OJs4
Exploitation POC:
Step-1: Use No redirect Based Extensions!
In my case,I am using DH-Hackbar which has no redirect mode!
Step-2: Now visit the vulnerable URL!
http://192.168.0.101:8080/reali/admin/userlist.php
Step-3: BOOM! You can see the sensitive User information without logging into the admin panel!
|
|---|
| Fonte | ⚠️ https://www.websecurityinsights.my.id/2025/08/real-estate-management-system-v-10-user.html |
|---|
| Utilizador | MaloyRoyOrko (UID 79572) |
|---|
| Submissão | 26/08/2025 18h25 (há 9 meses) |
|---|
| Moderação | 02/09/2025 16h10 (7 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 322197 [ScriptAndTools Real Estate Management System 1.0 /admin/userlist.php Redirect] |
|---|
| Pontos | 20 |
|---|