Hello,
My name is Nguyen Dang Toan, and I'm a pentester.
On 22/04/2020 I wanted to find a CVE of my own, so I chose Chamilo LMS. Hoang Kien is a new friend of mine and he wanted to help me, so we found two vulnerabilities. Hahaha :v
Ok, let's go.
This is the second vulnerability in Chamilo LMS.
Version tested: Chamilo LMS 1.11.10 on PHP 7.3.
Web server: Apache/2.4.41 (Debian).
Pentesters: Hoang Kien, Nguyen Dang Toan.
Issue: A user with the Sessions administrator role can create a new user with administrator privilege.
PoC:
Step 1: Log in as user 'abcd', who has the Sessions administrator role.
Step 2: Create a new user named '654'.
Step 3: Click the edit button for user '654'.
Step 4: Turn interception on in Burp Suite and click Save. Then edit the request body as shown in the picture below.
Step 5: Log in as user '654'. User '654' is now an administrator.
Ok, done!
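The root cause of a bug like this is a user-edit handler that takes privilege fields from the request body without checking the caller's own server-side role. The following is an added example (not Chamilo's code) of the check that closes it; the role names, field names and the "654" record are hypothetical, and it logs the blocked attempt so the event is visible to defenders.

```python
# Added example (not Chamilo code): the server-side check that stops a lesser
# administrator from granting platform-admin rights through a tampered
# user-edit request. Field and role names are hypothetical.
from typing import Any

PLATFORM_ADMIN = "platform_admin"   # the only role allowed to change privileges
SESSION_ADMIN = "session_admin"     # may manage users, but not their privilege level

# Fields any user-manager may edit on another account.
PROFILE_FIELDS = {"firstname", "lastname", "email", "phone"}
# Fields that raise or lower privilege; never taken from the request body
# unless the caller is a platform administrator.
PRIVILEGE_FIELDS = {"status", "is_admin"}


def handle_edit_request(actor_role: str, stored_user: dict[str, Any],
                        submitted: dict[str, Any], audit_log: list[str]) -> dict[str, Any]:
    """Model of an HTTP user-edit handler.

    Returns {"ok": True, "user": <updated record>} on success, or
    {"ok": False, "error": <reason>} when the request must be refused.
    The decision comes from the caller's server-side role and the stored
    record, never from anything the client claims about itself.
    """
    unknown = set(submitted) - PROFILE_FIELDS - PRIVILEGE_FIELDS
    if unknown:
        return {"ok": False, "error": f"unknown fields: {sorted(unknown)}"}

    # A form that re-posts the existing status unchanged is harmless; only an
    # actual change of a privilege field counts as an escalation attempt.
    escalation = {f for f in PRIVILEGE_FIELDS
                  if f in submitted and submitted[f] != stored_user.get(f)}
    if escalation and actor_role != PLATFORM_ADMIN:
        # A non-admin account sending a changed privilege field is a strong
        # detection signal, not a normal UI action, so record it.
        audit_log.append(f"blocked privilege change by role={actor_role} "
                         f"on user={stored_user['username']} fields={sorted(escalation)}")
        return {"ok": False, "error": "privilege fields require platform administrator"}

    updated = dict(stored_user)
    updated.update(submitted)
    return {"ok": True, "user": updated}


if __name__ == "__main__":
    # Constructed request mirroring step 4: a session admin edits user '654'
    # and adds a privilege field that the edit form never offers.
    log: list[str] = []
    user_654 = {"username": "654", "email": "654@example.invalid",
                "status": "student", "is_admin": 0}
    tampered = {"email": "654@example.invalid", "is_admin": 1}
    print(handle_edit_request(SESSION_ADMIN, user_654, tampered, log))
    print(log)
```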
I want to say thanks to Hoang Kien, a new friend of mine.
Finally: you can read my first vulnerability in Chamilo LMS here.