CVE-2023-31704 PoC — Online Computer and Laptop Store Security Vulnerability

Source
Associated Vulnerability
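Title: Online Computer and Laptop Store Security Vulnerability (CVE-2023-31704)
Description: Online Computer and Laptop Store is an online computer and laptop store application by the individual developer Carlo Montero. Sourcecodester Online Computer and Laptop Store version 1.0 contains a security vulnerability that stems from incorrect access control and allows remote attackers to escalate privileges to the administrator role.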
Readme
# CVE-2023-31704
  [description]
  Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to
  Incorrect Access Control, which allows remote attackers to elevate
  privileges to the administrator's role.
 
  ------------------------------------------
 
  [Vulnerability Type]
  Incorrect Access Control
 
  ------------------------------------------
 
  [Vendor of Product]
  Sourcecodester
 
  ------------------------------------------
 
  [Affected Product Code Base]
  Online Computer and Laptop Store - 1.0
 
  ------------------------------------------
 
  [Affected Component]
  https://php-ocls/classes/Users.php?f=save
 
  ------------------------------------------
 
  [Attack Type]
  Remote
 
  ------------------------------------------
 
  [Impact Escalation of Privileges]
  true
 
  ------------------------------------------
 
  [CVE Impact Other]
  All administrative functions are exposed allowing an attacker to modify the site. This includes modification of purchase prices for products and direct modification of the site itself to include
 
  ------------------------------------------
 
  [Attack Vectors]
  1. Log in as the administrator using the default credentials (Username: admin & Password: admin&123) at http://localhost/php-ocls/admin/login.php
  2. In the upper right-hand corner, click on the drop-down labeled "Administrator Admin" and select "My Account"
  3. Make sure the intercepting proxy is capturing, type "test" into the field labeled "Password" and press the update button in the lower left-hand corner of the page.
  4. Capture the request made to https://php-ocls/classes/Users.php?f=save
  5. Log out of the administrative account
  6. Review the captured POST request to /php-ocls/classes/Users.php?f=save, find the input "test" in the message body, and change the string to "compromised"
  7. Return to http://localhost/php-ocls/admin/login.php and log in using the "admin" username and the new admin password "compromised"
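
Steps 5 to 7 imply that the save request is still honoured after logout, so the mitigation belongs in a server-side authorization check in that handler. The PHP below is an added example, not code from the project or from the README's author; the session keys (`user_id`, `role`) and POST field names (`id`, `password`, `role`) are assumptions.

```php
<?php
// Added illustration, not the project's code. Assumed names: session keys
// 'user_id' and 'role'; POST fields 'id', 'password' and 'role'.

function authorize_user_save(array $session, array $post): array
{
    // 1. Require an authenticated session; a request replayed after
    //    logout carries no valid session and is rejected here.
    if (empty($session['user_id'])) {
        return [false, 'not authenticated'];
    }
    $caller  = (int) $session['user_id'];
    $isAdmin = ($session['role'] ?? '') === 'admin';

    // 2. The account being edited defaults to the caller; only an admin
    //    may name a different account in the request body.
    $target = isset($post['id']) ? (int) $post['id'] : $caller;
    if ($target !== $caller && !$isAdmin) {
        return [false, 'cannot modify another account'];
    }

    // 3. The role is never taken from a non-admin's request.
    if (isset($post['role']) && !$isAdmin) {
        return [false, 'role change requires admin'];
    }
    return [true, 'ok'];
}

// Constructed sample requests (session state, POST body); not captured traffic.
$cases = [
    'replayed after logout'   => [[], ['id' => '1', 'password' => 'x']],
    'user edits own account'  => [['user_id' => 7, 'role' => 'staff'], ['id' => '7', 'password' => 'x']],
    'user edits admin (id 1)' => [['user_id' => 7, 'role' => 'staff'], ['id' => '1', 'password' => 'x']],
    'user sets own role'      => [['user_id' => 7, 'role' => 'staff'], ['id' => '7', 'role' => 'admin']],
    'admin edits other user'  => [['user_id' => 1, 'role' => 'admin'], ['id' => '7', 'role' => 'staff']],
];
foreach ($cases as $name => [$session, $post]) {
    [$ok, $reason] = authorize_user_save($session, $post);
    printf("%-26s %s (%s)\n", $name, $ok ? 'ALLOW' : 'DENY', $reason);
}
```

The decision uses only server-side session state for the caller's identity and role; values in the request body are treated as untrusted input.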
 
  ------------------------------------------
 
  [Reference]
  https://www.sourcecodester.com/php/16397/online-computer-and-laptop-store-using-php-and-mysql-source-code-free-download.html
  https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-ocls.zip
 
  ------------------------------------------
 
  [Discoverer]
  William David Mathisen (d34dun1c02n)