[description] Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control, which allows remote attackers to elevate privileges to the administrator's role.
[Vulnerability Type] Incorrect Access Control
[Vendor of Product] Sourcecodester
[Affected Product Code Base] Online Computer and Laptop Store - 1.0
[Affected Component] https://php-ocls/classes/Users.php?f=save
[Attack Type] Remote
[Impact Escalation of Privileges] true
[CVE Impact Other] All administrative functions are exposed, allowing an attacker to modify the site. This includes modification of purchase prices for products and direct modification of the site itself to include
[Attack Vectors]
- Log in as the administrator using the default credentials (Username: admin & Password: admin&123) at http://localhost/php-ocls/admin/login.php
- In the upper right-hand corner, click on the drop-down labeled "Administrator Admin" and select "My Account"
- With the intercepting proxy capturing, type "test" into the field labeled "Password" and press the update button in the lower left-hand corner of the page.
- Capture the request made to https://php-ocls/classes/Users.php?f=save
- Log out of the administrative account
- Review the captured POST request to /php-ocls/classes/Users.php?f=save, find the input "test" in the message body, and change the string to "compromised"
- Return to http://localhost/php-ocls/admin/login.php and log in using the "admin" username and the new admin password "compromised"
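As an added example that is not part of this report or of the project's own code, the following PHP shows a hardened form of a user-save handler such as classes/Users.php?f=save, rejecting a replayed request once the session has ended and authorising the target account before any change. The session keys `login_id` and `login_type`, the `$pdo` connection, the `users` table columns and the administrator role value `1` are assumptions about the code base, not verified against it.

```php
<?php
// Added example, not the project's code. Assumed: the application stores the
// logged-in user's id and role in $_SESSION['login_id'] / ['login_type'],
// exposes a PDO connection as $pdo, and role value 1 means administrator.
session_start();

function deny(int $status, string $msg): void {
    http_response_code($status);
    echo json_encode(['status' => 'failed', 'msg' => $msg]);
    exit;
}

// 1. The request must belong to an authenticated session. A request replayed
//    after logout carries no session user and is rejected here.
if (empty($_SESSION['login_id'])) {
    deny(401, 'Authentication required.');
}

// 2. Only POST may change account state.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    deny(405, 'Method not allowed.');
}

// 3. Authorise the target record: a user may edit only their own account
//    unless the session role is administrator.
$sessionId = (int) $_SESSION['login_id'];
$targetId  = (int) ($_POST['id'] ?? 0);
$isAdmin   = (int) ($_SESSION['login_type'] ?? 0) === 1;
if ($targetId !== $sessionId && !$isAdmin) {
    deny(403, 'Not permitted to modify this account.');
}

// 4. Changing your own password requires proving the current one, so a
//    captured request alone cannot set a new credential.
if (!empty($_POST['password'])) {
    if ($targetId === $sessionId) {
        $stmt = $pdo->prepare('SELECT password FROM users WHERE id = ?');
        $stmt->execute([$targetId]);
        $stored = (string) $stmt->fetchColumn();
        if (!password_verify($_POST['current_password'] ?? '', $stored)) {
            deny(403, 'Current password is incorrect.');
        }
    }
    $hash = password_hash($_POST['password'], PASSWORD_DEFAULT);
    $pdo->prepare('UPDATE users SET password = ? WHERE id = ?')
        ->execute([$hash, $targetId]);
    session_regenerate_id(true); // rotate the session id after a credential change
}
echo json_encode(['status' => 'success']);
```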
[Reference] https://www.sourcecodester.com/php/16397/online-computer-and-laptop-store-using-php-and-mysql-source-code-free-download.html , https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-ocls.zip
[Discoverer] William David Mathisen (d34dun1c02n)