CVE-2023-31704: GitHub - d34dun1c02n/CVE-2023-31704
Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control, which allows remote attackers to elevate privileges to the administrator’s role.
Latest commit: d34dun1c02n, "Update README.md" (c7145a6), Jul 12, 2023
CVE-2023-31704
[Description] Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control, which allows remote attackers to elevate privileges to the administrator’s role.
[Vulnerability Type] Incorrect Access Control
[Vendor of Product] Sourcecodester
[Affected Product Code Base] Online Computer and Laptop Store - 1.0
[Affected Component] https://php-ocls/classes/Users.php?f=save
[Attack Type] Remote
[Impact Escalation of Privileges] true
[CVE Impact Other] All administrative functions are exposed allowing an attacker to modify the site. This includes modification of purchase prices for products and direct modification of the site itself to include
[Attack Vectors]
- Log in as the administrator using the default credentials (Username: admin & Password: admin&123) at http://localhost/php-ocls/admin/login.php
- In the upper right-hand corner, click on the drop-down labeled “Administrator Admin” and select “My Account”
- Make sure the intercepting proxy is capturing, type “test” into the field labeled “Password” and press the update button in the lower left-hand corner of the page.
- Capture the request made to https://php-ocls/classes/Users.php?f=save
- Log out of the administrative account
- Review the captured POST request to /php-ocls/classes/Users.php?f=save, find the input “test” in the message body, and change the string to “compromised”
- Return to http://localhost/php-ocls/admin/login.php and log in using the “admin” username and the new admin password “compromised”
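The root cause the steps above expose is that the save action in `classes/Users.php?f=save` performs the update for whoever sends the POST, without confirming that the request comes from an authenticated session that is allowed to modify the targeted account. The fix belongs in that handler. The following is an added example written for this page, not code from the php-ocls project; the session keys (`user_id`, `user_type`, `csrf_token`), the POST field names (`id`, `password`, `current_password`, `csrf_token`) and the `db.php` include that supplies a PDO connection in `$pdo` are all assumptions about the application.

```php
<?php
// Added example, not the project's code: a hardened save-user handler for an
// endpoint shaped like classes/Users.php?f=save. The session keys, POST field
// names and the db.php include (assumed to define $pdo, a PDO instance) are
// assumptions, not the php-ocls project's real names.
declare(strict_types=1);

session_start();
require_once __DIR__ . '/../db.php'; // assumed to define $pdo (PDO)

header('Content-Type: application/json');

function deny(int $status, string $msg): void
{
    http_response_code($status);
    echo json_encode(['status' => 'failed', 'msg' => $msg]);
    exit;
}

// 1. Authentication. The reported flaw is that the save action does its work
//    for an unauthenticated caller, so a replayed POST resets the admin
//    password. Refuse anything without a logged-in session before touching
//    the database.
if (empty($_SESSION['user_id'])) {
    deny(401, 'Authentication required.');
}

// 2. Method and CSRF check, so a logged-in administrator cannot be made to
//    submit this form from another site.
if ($_SERVER['REQUEST_METHOD'] !== 'POST'
    || !isset($_POST['csrf_token'], $_SESSION['csrf_token'])
    || !hash_equals((string) $_SESSION['csrf_token'], (string) $_POST['csrf_token'])) {
    deny(403, 'Invalid request.');
}

// 3. Authorization. The target account id comes from the client and must not
//    be trusted: only the account owner or an administrator may change it.
$sessionId = (int) $_SESSION['user_id'];
$targetId  = (int) ($_POST['id'] ?? $sessionId);
$isAdmin   = (($_SESSION['user_type'] ?? '') === 'admin');
if ($targetId !== $sessionId && !$isAdmin) {
    deny(403, 'Not permitted to modify this account.');
}

// 4. A password change re-authenticates the caller with their own current
//    password, and the new value is stored as a password_hash() digest.
$newPassword = (string) ($_POST['password'] ?? '');
if ($newPassword !== '') {
    $stmt = $pdo->prepare('SELECT password FROM users WHERE id = ?');
    $stmt->execute([$sessionId]);
    $storedHash = $stmt->fetchColumn();
    $current    = (string) ($_POST['current_password'] ?? '');
    if ($storedHash === false || !password_verify($current, (string) $storedHash)) {
        deny(403, 'Current password is incorrect.');
    }
    if (strlen($newPassword) < 12) {
        deny(400, 'New password must be at least 12 characters.');
    }

    $stmt = $pdo->prepare('UPDATE users SET password = ? WHERE id = ?');
    $stmt->execute([password_hash($newPassword, PASSWORD_DEFAULT), $targetId]);

    // 5. Rotate the session id after a credential change and log the event,
    //    so an unexpected administrator password change is visible in the
    //    server logs rather than silent.
    session_regenerate_id(true);
    error_log(sprintf(
        'user %d changed password of account %d from %s',
        $sessionId,
        $targetId,
        $_SERVER['REMOTE_ADDR'] ?? 'unknown'
    ));
}

echo json_encode(['status' => 'success']);
```

The order of the checks matters: authentication comes before any database access, the CSRF check before authorization, and the authorization check compares the client-supplied `id` against the session rather than trusting it. For an existing deployment, the logged "changed password" line gives a concrete signal to alert on when the affected account is the administrator and the request did not originate from a known admin session.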
[Reference]
- https://www.sourcecodester.com/php/16397/online-computer-and-laptop-store-using-php-and-mysql-source-code-free-download.html
- https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-ocls.zip
[Discoverer] William David Mathisen (d34dun1c02n)