CVE-2021-44582: Privilege Escalation via Forced Browsing in Sourcecodester Money Transfer Management System (warmachine-57/CVE-2021-44582)
A Privilege Escalation vulnerability exists in Sourcecodester Money Transfer Management System 1.0, which allows a remote malicious user to gain elevated privileges to the Admin role via any URL.
# Exploit Title: Privilege Escalation via Forced Browsing
# Google Dork: NA
# Date: 11/03/2022
# Exploit Author: Ali J.
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/15015/money-transfer-management-system-send-money-businesses-php-free-source-code.html
# Version: 1.0
# Tested on: Windows 10
# CVE : CVE-2021-44582
Steps to Reproduce:
1. Log in to the Money Transfer Management System with admin credentials and copy the URL.
2. Log out of the admin role and log in with the normal user credentials; observe the available modules on the left side.
3. Paste the admin URL and observe that the application is vulnerable to Privilege Escalation via Forced Browsing.
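
The steps above succeed when the server decides access from which links it renders, not from the role of the session making the request. The sketch below is an added example, not code from the advisory or from the application: a deny-by-default role check run on every request. The page names, role names and session keys (`user_id`, `role`) are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical page-to-role map. Page and role names are assumptions,
// not taken from the Money Transfer Management System source.
const PAGE_ROLES = [
    'home'         => ['admin', 'user'],
    'transactions' => ['admin', 'user'],
    'users'        => ['admin'],
    'settings'     => ['admin'],
];

/**
 * Deny by default: a page is served only if it is listed in the map and
 * the session's role is allowed for it. Hiding a menu entry is not a control.
 */
function is_authorized(string $page, array $session): bool
{
    if (empty($session['user_id']) || !isset($session['role'])) {
        return false;                        // no authenticated session
    }
    if (!array_key_exists($page, PAGE_ROLES)) {
        return false;                        // unmapped page: refuse
    }
    return in_array($session['role'], PAGE_ROLES[$page], true);
}

/** Call at the top of every request, before any page output is produced. */
function enforce_access(string $page, array $session): void
{
    if (!is_authorized($page, $session)) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// Constructed sessions mirroring the reproduction steps.
$admin = ['user_id' => 1, 'role' => 'admin'];
$user  = ['user_id' => 2, 'role' => 'user'];

var_dump(is_authorized('users', $admin));   // step 1: admin opens the admin URL
var_dump(is_authorized('users', $user));    // step 3: normal user pastes that URL
var_dump(is_authorized('home', $user));     // normal user's own module
var_dump(is_authorized('backup', $admin));  // page missing from the map
```

A regression test for this class of bug replays each admin-only URL under a normal user's session and expects a 403 for every one.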