POC详情: 724ec953c00e5f30b7ba6ad8cb27e4b995448c93

来源
https://github.com/AbdullahAlmutawa/CVE-2024-50945
关联漏洞
标题: SimplCommerce 安全漏洞 (CVE-2024-50945)
描述:SimplCommerce是SimplCommerce开源的一个基于 .NET 构建的简单、跨平台、模块化电子商务系统。 SimplCommerce存在安全漏洞,该漏洞源于访问控制不当。
描述
SimplCommerce is affected by a broken access control vulnerability in the review system, allowing unauthorized users to post reviews for products they have not purchased.
介绍
# CVE-2024-50945
SimplCommerce is affected by a Broken Access Control vulnerability in the review system, allowing unauthorized users to post reviews for products they have not purchased.

# Detection Method
An attacker can detect this vulnerability by sending a request to the review submission endpoint and changing the EntityId to the ID of a product they have not purchased. If the review is successfully posted, it confirms the website is vulnerable to Broken Access Control vulnerability.

# Tested on
230310c8d7a0408569b292c5a805c459d47a1d8f commit

# Links
https://www.simplcommerce.com/

https://github.com/simplcommerce/SimplCommerce

# Disclosure Timeline

# Credits
Abdullah Almutawa
文件快照

 [4.0K]  /data/pocs/724ec953c00e5f30b7ba6ad8cb27e4b995448c93
└── [ 696]  README.md

0 directories, 1 file
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。