Hi all,
I am Maloy Roy Orko.
Recently, in one of my pentest research projects, I found a web application project: Real Estate Management System by Script and Tools.
So, I downloaded it and started looking for vulnerabilities.
Surprisingly, I found a Broken Access Control vulnerability, specifically CWE-698: Execution After Redirect (EAR), in /admin/userlist.php.
CVE Number: In Review
CWE Number: CWE-284, CWE-698
Source Code Review:
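As you can see, there is no die() or exit() after the header() redirect!
That's why this vulnerability occurs! header() only sets the Location response header; PHP keeps executing the rest of the script, so the page content is still sent along with the redirect.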
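An added example, not part of the original post or the project's code: a small Python audit helper that flags header("Location: ...") redirects in PHP source that are not immediately followed by exit or die, so the same pattern can be checked for in other files. The sample PHP and the `$_SESSION['admin']` key are constructed for illustration, and the check is a line-based heuristic rather than a PHP parser.

```python
import re

# A PHP redirect such as header("Location: index.php");
REDIRECT = re.compile(r"""header\s*\(\s*['"]\s*Location\s*:""", re.IGNORECASE)
# A terminating statement: exit; exit(); die; die("...");
TERMINATOR = re.compile(r"\b(exit|die)\b\s*(\(|;|$)", re.IGNORECASE)
# Lines that are comments only (//, #, /* or a block-comment continuation)
COMMENT = re.compile(r"^\s*(//|#|/\*|\*)")


def find_ear(php_source):
    """Return 1-based line numbers of Location redirects with no exit/die.

    Heuristic: the terminator must follow the header() call on the same
    line, or start the next line that holds code (blank and comment lines
    are skipped). Anything else is reported for manual review.
    """
    lines = php_source.splitlines()
    findings = []
    for i, line in enumerate(lines):
        m = REDIRECT.search(line)
        if not m or COMMENT.match(line):
            continue
        if TERMINATOR.search(line, m.end()):
            continue  # e.g. header("Location: x.php"); exit;
        nxt = next((l for l in lines[i + 1:]
                    if l.strip() and not COMMENT.match(l)), "")
        if not TERMINATOR.match(nxt.strip()):
            findings.append(i + 1)
    return findings


# Constructed sample of the pattern described above (not the project's code).
VULNERABLE = """<?php
session_start();
if (!isset($_SESSION['admin'])) {
    header("Location: index.php");
}
echo "<table>...user rows...</table>";
"""

# Hardened form: execution stops right after the redirect is issued.
FIXED = VULNERABLE.replace('index.php");', 'index.php");\n    exit;')

if __name__ == "__main__":
    print("vulnerable sample:", find_ear(VULNERABLE))
    print("fixed sample:", find_ear(FIXED))
```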
Some Important Information:
Title of the Vulnerability:
Real Estate Management System V 1.0 | /admin/userlist.php | Broken Access Control | Found By Maloy Roy Orko
Vulnerability Class: Broken Access Control
Product Name: Real Estate Management System
Vendor: https://github.com/scriptandtools/
Vulnerable Product Link: https://github.com/scriptandtools/Real-Estate-website-in-PHP
Vulnerable File/Component: /admin/userlist.php
Technical Details & Description: The application source code is written in a way that allows Broken Access Control in /admin/userlist.php due to CWE-698.
Detailed Explanation by AI: https://www.blackbox.ai/chat/326OJs4
Exploitation POC:
Step-1: Use a no-redirect extension!
In my case, I am using DH-Hackbar, which has a no-redirect mode!
Step-2: Now visit the vulnerable URL!
http://192.168.0.101:8080/reali/admin/userlist.php
Step-3: BOOM! You can see the sensitive user information without logging into the admin panel!
So, it is proven that admin/userlist.php is vulnerable to Broken Access Control, specifically CWE-698.
Risks:
- Unauthorized Access
- Information Disclosure
- Security Breaches
- Compliance Violations
- Exploitation of Other Vulnerabilities