@topsky979
Last active August 26, 2024 09:21

[Description]

hotel-mgmt-system has an arbitrary account login vulnerability via the URI /app/process_login.php: any existing account can be logged into without knowing its password.


[Vulnerability Type]

Insecure Permissions (improper authentication: the password submitted at login is not effectively verified)


[Vendor of Product]

hotel-mgmt-system, https://github.com/tramyardg/hotel-mgmt-system


[Affected Product Code Base]

commit <= 79d688567321f86bdc2d009662ae65fd1514736c (all commits up to and including this one)


[Impact Escalation of Privileges]

true


[POC]
On the login page, enter the username of a known account and any string as the password, then submit the form to /app/process_login.php. The login succeeds and you are signed in as that account.

Root cause: the password check in /app/process_login.php is expected to return a Boolean, but returns a string. Because the calling code only tests the result for truthiness, a non-empty string passes the check regardless of which password was submitted.
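The following is an added illustrative example, not code from hotel-mgmt-system, showing the failure class this report describes: a login helper that returns a string where the caller expects a bool, so a truthiness test in the login handler accepts any password, next to a corrected version that returns a real bool from password_verify() and is compared strictly. The class names, table name, column names and the in-memory SQLite fixture are all assumptions made for the demo.

```php
<?php
// Added example (not the project's code). Assumed schema: users(username, password),
// where password holds a password_hash() result.

class VulnerableUser
{
    public function __construct(private PDO $db) {}

    // BUG: declared to hand back a "result", but the result is the stored hash
    // (a non-empty string) or '' when the user is missing. The submitted
    // $password is never compared against the hash at all.
    public function checkPassword(string $username, string $password): string
    {
        $stmt = $this->db->prepare('SELECT password FROM users WHERE username = ?');
        $stmt->execute([$username]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row ? $row['password'] : '';
    }
}

class FixedUser
{
    private string $dummyHash;

    public function __construct(private PDO $db)
    {
        // Hash verified for unknown usernames so a miss costs the same time as a hit.
        $this->dummyHash = password_hash('dummy-password-for-timing', PASSWORD_DEFAULT);
    }

    // Returns a genuine bool: true only if the password matches the stored hash.
    public function checkPassword(string $username, string $password): bool
    {
        $stmt = $this->db->prepare('SELECT password FROM users WHERE username = ?');
        $stmt->execute([$username]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($row === false) {
            password_verify($password, $this->dummyHash);
            return false;
        }
        return password_verify($password, $row['password']);
    }
}

// Constructed fixture: one account with a known password, in an in-memory SQLite DB.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
$ins->execute(['admin', password_hash('correct horse battery staple', PASSWORD_DEFAULT)]);

$attempt = 'anything-at-all';   // the attacker's guess, deliberately wrong

// What a login handler written like `if ($user->checkPassword(...))` does with
// the vulnerable helper: any non-empty string is truthy, so the check passes.
$vuln = new VulnerableUser($db);
if ($vuln->checkPassword('admin', $attempt)) {
    echo "vulnerable: logged in as admin with password '$attempt'\n";
}

// Fixed helper plus a strict comparison against true in the handler.
$fixed = new FixedUser($db);
if ($fixed->checkPassword('admin', $attempt) === true) {
    echo "fixed: logged in\n";
} else {
    echo "fixed: login rejected\n";
}
if ($fixed->checkPassword('admin', 'correct horse battery staple') === true) {
    echo "fixed: logged in with the real password\n";
}
```

The two things to check in a fix for this class of bug are the return type of the helper (declare it as bool and make every path return a bool from password_verify()) and the call site (compare with `=== true` rather than relying on PHP's loose truthiness, which treats any non-empty string other than "0" as true).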
