CVE-2023-31704: GitHub - d34dun1c02n/CVE-2023-31704

Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control, which allows remote attackers to elevate privileges to the administrator’s role.

Latest commit: d34dun1c02n, "Update README.md" (c7145a6), Jul 12, 2023 (5 commits)

README.md

CVE-2023-31704

[Description] Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control, which allows remote attackers to elevate privileges to the administrator’s role.

[Vulnerability Type] Incorrect Access Control

[Vendor of Product] Sourcecodester

[Affected Product Code Base] Online Computer and Laptop Store - 1.0

[Affected Component] https://php-ocls/classes/Users.php?f=save

[Attack Type] Remote

[Impact Escalation of Privileges] true

[CVE Impact Other] All administrative functions are exposed allowing an attacker to modify the site. This includes modification of purchase prices for products and direct modification of the site itself to include

[Attack Vectors]

  1. Log in as the administrator using the default credentials (Username: admin & Password: admin&123) at http://localhost/php-ocls/admin/login.php
  2. In the upper right-hand corner, click on the drop-down labeled “Administrator Admin” and select “My Account”
  3. Make sure the intercepting proxy is capturing, type “test” into the field labeled “Password” and press the update button in the lower left-hand corner of the page.
  4. Capture the request made to https://php-ocls/classes/Users.php?f=save
  5. Log out of the administrative account
  6. Review the captured POST request to /php-ocls/classes/Users.php?f=save, find the input “test” in the message body, and change the string to “compromised”
  7. Return to http://localhost/php-ocls/admin/login.php and log in using the “admin” username and the new admin password “compromised”

[Reference] https://www.sourcecodester.com/php/16397/online-computer-and-laptop-store-using-php-and-mysql-source-code-free-download.html https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-ocls.zip

[Discoverer] William David Mathisen (d34dun1c02n)
