SourceCodester Online Eyewear Shop v1.0 Improper Access Controls / Cart ID Manipulation

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability ID: #409459 2. Vulnerability Name: SourceCodester Online Eyewear Shop v1.0 Improper Access Controls 3. Vulnerability Description: Cart ID Manipulation Leads to Unwanted Item Addition and Deletion 4. Vulnerability Impact: Unauthorized access to other users' shopping carts, potentially leading to financial loss and damage 5. Exploitation Method: - POC: 1. Set up the Online Eyewear Shop website: https://www.sourcecodester.com/php/16089/online-eyewear-shop-website-using-php-and-mysql-free-download.html 2. Create User 1 and User 2 3. Intercept the request 4. Log in as User 1, add an item to the cart, then log out 5. Repeat the above steps for User 2 6. Increase the quantity of an item in the cart, intercept the request, and replace User 1’s with User 2’s 7. Log in as User 2 and check if the item has been added to their cart 6. Source: https://github.com/gurudattch/CVEs/edit/main/Sourcecodester-Online-Eyewear-shop-webiste-Broken-access-control.md 7. Submitter: guru (ID 74056) 8. Submission Time: September 17, 2024, 09:04 AM (1 day ago) 9. Review Time: September 17, 2024, 09:52 PM (6 hours after submission) This information provides a detailed description of the vulnerability’s nature, exploitation method, impact, and details about the submitter and timeline.

Goal Reached Thanks to every supporter — we hit 100%!

SourceCodester Online Eyewear Shop v1.0 Improper Access Controls / Cart ID Manipulation