Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-31704 PoC — Online Computer and Laptop Store 安全漏洞

Source
https://github.com/d34dun1c02n/CVE-2023-31704
Associated Vulnerability
Title:Online Computer and Laptop Store 安全漏洞 (CVE-2023-31704)
Description:Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control, which allows remote attackers to elevate privileges to the administrator's role.
Readme
# CVE-2023-31704
  [description]
  Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to
  Incorrect Access Control, which allows remote attackers to elevate
  privileges to the administrator's role.
 
  ------------------------------------------
 
  [Vulnerability Type]
  Incorrect Access Control
 
  ------------------------------------------
 
  [Vendor of Product]
  Sourcecodster
 
  ------------------------------------------
 
  [Affected Product Code Base]
  Online Computer and Laptop Store - 1.0
 
  ------------------------------------------
 
  [Affected Component]
  https://php-ocls/classes/Users.php?f=save
 
  ------------------------------------------
 
  [Attack Type]
  Remote
 
  ------------------------------------------
 
  [Impact Escalation of Privileges]
  true
 
  ------------------------------------------
 
  [CVE Impact Other]
  All administrative functions are exposed allowing an attacker to modify the site. This includes modification of purchase prices for products and direct modification of the site itself to include
 
  ------------------------------------------
 
  [Attack Vectors]
  1. Log in as the administrator using the default credentials (Username: admin & Password: admin&123) at http://localhost/php-ocls/admin/login.php
  2. In the upper right-hand corner, click on the drop-down labeled "Administrator Admin" and select "My Account"
  3. Make sure the intercepting proxy is capturing, type "test" into the field labeled "Password" and press the update button in the lower left-hand corner of the page.
  4. Capture the request made to https://php-ocls/classes/Users.php?f=save
  5. Log out of the administrative account
  6. Review the captured POST request to /php-ocls/classes/Users.php?f=save, find the input "test" in the message body, and change the string to "compromised"
  7. Return to http://localhost/php-ocls/admin/login.php and log in using the "admin" username and the new admin password "compromised"
 
  ------------------------------------------
 
  [Reference]
  https://www.sourcecodester.com/php/16397/online-computer-and-laptop-store-using-php-and-mysql-source-code-free-download.html
  https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-ocls.zip
 
  ------------------------------------------
 
  [Discoverer]
  William David Mathisen (d34dun1c02n)
File Snapshot

 [4.0K]  /data/pocs/5970a0c174a3e764444b328ad84f1f25f918c8c8
└── [2.3K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →