I cloned and tested the webpage.
I found a vulnerability which takes over any user's password, including the admin password.
When I tried to find IDOR-like bugs, I found that this password reset is in the URL, like http://127.0.0.1:8000/admin/edit-user/user
in the Security tab, which is shown in this picture.
I reset the admin password with the following steps.
Steps to reproduce the problem
Create a user with author privileges.
Log in as that user.
Click on Profile.
After that, click on the Security tab, which is like in the above image.
Type the new password and confirm the password.
Intercept the request in Burp Suite.
There is a PUT request going on to reset the password, with the username provided in the link.
Here is the request which I made to reset the password of admin:
PUT /api/users/<existing usernames to reset> HTTP/1.1
Host: 127.0.0.1:8000
It works with that user's token without any error.
Bludit version
Just cloned the repo so I am not sure
Hosting or Webserver name
php webserver
PHP version
PHP 8.2.4 (cli) (built: Mar 15 2023 15:27:52) (NTS)
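The report above describes a missing object-level authorization check: the PUT /api/users/<username> endpoint trusts the username in the path and only verifies that the caller holds some valid token. The following is an added example, not Bludit's code, showing the check a handler needs (the caller must own the target account or hold an admin role) together with a small audit-log scan that flags successful cross-account updates. The role names, the handler signature and the audit-log line format are assumptions made for the example.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    """Identity bound to the API token, as resolved by the server (assumed shape)."""
    username: str  # subject the token was issued to
    role: str      # "author" or "admin" (assumed role names)


def can_update_user(session: Session, target_username: str) -> bool:
    """Object-level check: only the account owner or an admin may change a user."""
    if session.role == "admin":
        return True
    return session.username == target_username


def handle_put_user(session: Session, target_username: str,
                    new_password: str, users: dict) -> int:
    """Simulated PUT /api/users/<target_username> handler; returns an HTTP status.

    The authorization decision is taken from the token-bound session, never
    from anything the client put in the path or body.
    """
    if target_username not in users:
        return 404
    if not can_update_user(session, target_username):
        return 403
    # Placeholder for the real password-hashing step.
    users[target_username]["password"] = new_password
    return 200


# Constructed audit-log format for the detection side (not a real Bludit log):
# "<timestamp> actor=<token subject> role=<role> <METHOD> /api/users/<target> <status>"
AUDIT_LINE = re.compile(
    r"^(?P<ts>\S+) actor=(?P<actor>\S+) role=(?P<role>\S+) "
    r"(?P<method>[A-Z]+) /api/users/(?P<target>[^/\s]+) (?P<status>\d{3})$"
)


def find_cross_account_updates(lines):
    """Return (actor, target) pairs where a non-admin changed another account."""
    hits = []
    for line in lines:
        m = AUDIT_LINE.match(line)
        if not m or m["method"] != "PUT" or m["status"] != "200":
            continue
        if m["role"] != "admin" and m["actor"] != m["target"]:
            hits.append((m["actor"], m["target"]))
    return hits


# Constructed sample lines: an author changing its own password, the same
# author changing the admin's password, an admin changing an author, and a GET.
SAMPLE_AUDIT = [
    "2024-05-01T10:00:00Z actor=author1 role=author PUT /api/users/author1 200",
    "2024-05-01T10:00:05Z actor=author1 role=author PUT /api/users/admin 200",
    "2024-05-01T10:00:09Z actor=admin role=admin PUT /api/users/author1 200",
    "2024-05-01T10:00:12Z actor=author1 role=author GET /api/users/admin 200",
]


if __name__ == "__main__":
    users = {"admin": {"password": "old"}, "author1": {"password": "old"}}
    author = Session("author1", "author")
    print(handle_put_user(author, "author1", "new", users))  # own account: 200
    print(handle_put_user(author, "admin", "new", users))    # other account: 403
    print(find_cross_account_updates(SAMPLE_AUDIT))          # [('author1', 'admin')]
```

The scan only fires on status 200, so once the handler returns 403 for cross-account requests the same rule reports nothing; running it over historical logs shows whether the flaw was exercised before the fix.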