monstra-cms / monstra

THIS PROJECT IS NOT SUPPORTED ANYMORE! Check FLEXTYPE.ORG
http://flextype.org
MIT License

Insecure direct object reference #453

Open dhananjay-bajaj opened 6 years ago

dhananjay-bajaj commented 6 years ago

monstra_3.0.4_IDOR.pdf

Vulnerable URL: 'http://localhost/monstra/monstra-dev/admin/index.php?id=users&action=edit&user_id=2'

Hello sir, I have found an Insecure Direct Object Reference vulnerability in Monstra 3.0.4 in the vulnerable URL page. Here I was able to change the password of an administrator user while being authenticated as a user with the "Editor" role by changing the 'user_id' parameter to that of the target user. I have prepared and attached a doc with details of the vulnerability and steps to reproduce.
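
The authorization check whose absence the report describes, as an added example that is not part of the original issue and is not Monstra's code. It assumes a session that stores the logged-in user's id; the function names, role strings and user records are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample accounts (not taken from the report): id => record.
const USERS = [
    1 => ['login' => 'admin',  'role' => 'admin'],
    2 => ['login' => 'admin2', 'role' => 'admin'],
    3 => ['login' => 'editor', 'role' => 'editor'],
];

/**
 * Vulnerable pattern: any logged-in account may edit whichever record the
 * request's user_id names. $targetUserId is deliberately never consulted.
 */
function canEditUserVulnerable(?int $sessionUserId, int $targetUserId): bool
{
    return $sessionUserId !== null && array_key_exists($sessionUserId, USERS);
}

/**
 * Hardened pattern: the decision is made from the identity held in the
 * session. Admins may edit any record; everyone else only their own.
 */
function canEditUser(?int $sessionUserId, int $targetUserId): bool
{
    if ($sessionUserId === null
        || !array_key_exists($sessionUserId, USERS)
        || !array_key_exists($targetUserId, USERS)) {
        return false;
    }
    if (USERS[$sessionUserId]['role'] === 'admin') {
        return true;
    }
    return $sessionUserId === $targetUserId;
}

/** Returns the HTTP status an edit request should receive. */
function handleUserEdit(?int $sessionUserId, array $query): int
{
    // user_id is attacker-controlled input: validate it, then authorize it.
    $target = filter_var($query['user_id'] ?? null, FILTER_VALIDATE_INT);
    if ($target === false) {
        return 400;
    }
    return canEditUser($sessionUserId, $target) ? 200 : 403;
}

// Editor (id 3) naming another account, then their own, in user_id.
var_dump(canEditUserVulnerable(3, 2));
var_dump(handleUserEdit(3, ['user_id' => '2']));
var_dump(handleUserEdit(3, ['user_id' => '3']));
```

The same check has to run on the request that saves the form, not only on the one that renders it, since the `user_id` value can be changed on either.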