Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2024-45058 PoC — Privilege escalation in i-Educar

Source
https://github.com/0xbhsu/CVE-2024-45058
Associated Vulnerability
Title:Privilege escalation in i-Educar (CVE-2024-45058)
Description:i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. Prior to the 2.9 branch, an attacker with only minimal viewing privileges in the settings section is able to change their user type to Administrator (or another type with super-permissions) through a specifically crafted POST request to `/intranet/educar_usuario_cad.php`, modifying the `nivel_usuario_` parameter. The vulnerability occurs in the file located at `ieducar/intranet/educar_usuario_cad.php`, which does not check the user's current permission level before allowing changes. Commit c25910cdf11ab50e50162a49dd44bef544422b6e contains a patch for the issue.
Description
PoC for CVE-2024-45058 Broken Access Control, allowing any user with view permission in the user configuration section to become an administrator changing their own user type.
Readme
# CVE-2024-45058
PoC for CVE-2024-45058 Broken Access Control, allowing any user with view permission in the user configuration section to become an administrator changing their own user type. 

Grab the desired nivel_usuario_ ID and run the exploit.

# Usage
```
usage: CVE-2024-45058.py [-h] -t TARGET -u USERNAME -p PASSWORD -i ID

CVE-2024-45058 exploit

options:
  -h, --help            show this help message and exit
  -t TARGET, --target TARGET
                        Vulnerable target
  -u USERNAME, --username USERNAME
                        Account username
  -p PASSWORD, --password PASSWORD
                        Account password
  -i ID, --id ID        nivel_usuario_ ID to be set
```
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →