| Название | Sanitization Management System v1.0 Insufficient Authorization Controls |
|---|
| Описание | It was observed that Sanitization Management System v1.0 suffers from insufficient authorization controls whereby an unauthenticated attacker could perform sensitive actions by directly invoking the endpoints, thus gaining full control over the web application.
The following functions are affected and could directly be triggered without authentication:
1. creation, modification and deletion of privileged users
2. access to sensitive information such as inquiries and quote requests belonging to other customers
3. deletion and modification of company information
While user would require a valid session ID to access the administrative functions on the browser, it is possible to directly invoke the endpoints using Burpsuite and access the functions without a UI. |
|---|
| Пользователь | jiajian (UID 34329) |
|---|
| Представление | 23.10.2022 18:55 (3 лет назад) |
|---|
| Модерация | 24.10.2022 07:43 (13 hours later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 212017 [SourceCodester Sanitization Management System 1.0 слабая аутентификация] |
|---|
| Баллы | 17 |
|---|