| Название | Script And Tools Real Estate Management System 1.0 Broken Access Control |
|---|
| Описание | Title of the Vulnerability:
Real Estate Management System V 1.0 | /admin/userlist.php | Broken Access Control| Found By Maloy Roy Orko
Vulnerability Class: Broken Access Control
Product Name: Real Estate Management System
Vendor: https://github.com/scriptandtools/
Vulnerable Product Link: https://github.com/scriptandtools/Real-Estate-website-in-PHP
Vulnerable File/Component: /admin/userlist.php
Technical Details & Description: The application source code is coded in a way which allows Broken Access Control in /admin/userlist.php due to CWE-698
Detailed Explanation by AI: https://www.blackbox.ai/chat/326OJs4
Exploitation POC:
Step-1: Use No redirect Based Extensions!
In my case,I am using DH-Hackbar which has no redirect mode!
Step-2: Now visit the vulnerable URL!
http://192.168.0.101:8080/reali/admin/userlist.php
Step-3: BOOM! You can see the sensitive User information without logging into the admin panel!
|
|---|
| Источник | ⚠️ https://www.websecurityinsights.my.id/2025/08/real-estate-management-system-v-10-user.html |
|---|
| Пользователь | MaloyRoyOrko (UID 79572) |
|---|
| Представление | 26.08.2025 18:25 (10 месяцы назад) |
|---|
| Модерация | 02.09.2025 16:10 (7 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 322197 [ScriptAndTools Real Estate Management System 1.0 /admin/userlist.php Redirect] |
|---|
| Баллы | 20 |
|---|