Gửi #427957: Sourcecodester Online Exam system using Django V 1.0 Improper Access Controlsthông tin

tiêu đềSourcecodester Online Exam system using Django V 1.0 Improper Access Controls
Mô tảTitle - Privilege Escalation In this application access controls are not properly in place so attacker with low privilege can escalate to admin privilege and can perform admin level action. Steps to reproduce: * Login to the application as student * In the URL change the student-dashboard to admin-dashboard * attacker can login to admin with low privilege user and can perform admin level actions CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L PoC Link :- https://drive.google.com/file/d/1hEXfbOOkWdYzaSI6ORQvPGBtn09R12Ui/view?usp=drive_link Contacted the developer, no response from them Vulnerable URL :- https://www.sourcecodester.com/python/15382/online-exam-system-python-using-django-framework-free-source-code.html Please don't post as it is, contains some sensitive information, please let me know if you have any questions , Thank you so much.
Người dùng
 TheRaghul (UID 75537)
Đệ trình21/10/2024 19:13 (cách đây 2 những năm)
Kiểm duyệt24/10/2024 17:39 (3 days later)
Trạng tháiđược chấp nhận
Mục VulDB281700 [SourceCodester Online Exam System 1.0 /admin-dashboard nâng cao đặc quyền]
điểm17

Might our Artificial Intelligence support you?

Check our Alexa App!