@th4s1s
Last active January 2, 2025 18:54

Online Shoe Store Using PHP has Broken Access Control vulnerability in /admin/index.php.

Project

https://code-projects.org/online-shoe-store-using-php-source-code/

Vulnerability

/admin/index.php

Description

A Broken Access Control vulnerability exists in /admin/index.php: the page can be accessed by any user, who then becomes an admin user with access to the admin panel.

PoC

Simply log in as a normal user, then access /admin/index.php to become admin.
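
One way to close this gap is a server-side role check that every script under /admin/ runs before doing anything else. This is an added example, not code from the project or from the gist author; the file name `_guard.php`, the session keys `user_id` and `role`, and the `/login.php` path are assumptions, since the page does not show the application's source.

```php
<?php
declare(strict_types=1);

// admin/_guard.php (hypothetical file name). Every script under /admin/ would
// start with:  require __DIR__ . '/_guard.php'; require_admin();
//
// Assumptions (not from the project): the login code stores the account id in
// $_SESSION['user_id'] and a role read from the database in $_SESSION['role'],
// and the login page lives at /login.php.

/** True only for a session that the login code marked as an administrator. */
function is_admin_session(array $session): bool
{
    // Being logged in is not enough. The role must already be present and be
    // exactly 'admin'; strict comparison avoids PHP type juggling.
    return isset($session['user_id'], $session['role'])
        && $session['role'] === 'admin';
}

/** Stops the request unless the caller is an authenticated administrator. */
function require_admin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    if (!isset($_SESSION['user_id'])) {
        // Anonymous visitor: send to the login page.
        header('Location: /login.php', true, 302);
        exit;
    }

    if (!is_admin_session($_SESSION)) {
        // Authenticated but not an admin: refuse, and leave a trace for review.
        // The guard never writes to $_SESSION, so visiting an admin URL cannot
        // change the caller's role.
        error_log('admin access denied: ' . json_encode([
            'user_id' => $_SESSION['user_id'],
            'uri'     => $_SERVER['REQUEST_URI'] ?? '',
        ]));
        http_response_code(403);
        exit('Forbidden');
    }
}
```

Repeated "admin access denied" entries for the same `user_id` in the PHP error log indicate a non-admin account requesting admin pages.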