Open FluxxyBoi opened 2 months ago
Description of the Vulnerability
Manually setting "DidAdminLogInOnThisSystem" to "true" from inspect element to gain unauthorized access. Allows anyone to delete or edit anyone else's blogs.

Console command to log in to the admin panel:
window.localStorage.setItem("DidAdminLogInOnThisSystem", "TRUE"); window.location.href = "/admin/";

Screen Shot of the Vulnerable Code

Impact of the vulnerability
5/5

Recommended Steps to resolve it?
Do not store such information in localStorage.

School Name
GD Goenka, Sector 48.