[description] Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control, which allows remote attackers to elevate privileges to the administrator's role.

[Vulnerability Type] Incorrect Access Control

[Vendor of Product] Sourcecodster

[Affected Product Code Base] Online Computer and Laptop Store - 1.0

[Affected Component] https://php-ocls/classes/Users.php?f=save

[Attack Type] Remote

[Impact Escalation of Privileges] true

[CVE Impact Other] All administrative functions are exposed allowing an attacker to modify the site. This includes modification of purchase prices for products and direct modification of the site itself to include

[Attack Vectors]

1. Log in as the administrator using the default credentials (Username: admin & Password: admin&123) at http://localhost/php-ocls/admin/login.php
2. In the upper right-hand corner, click on the drop-down labeled "Administrator Admin" and select "My Account"
3. Make sure the intercepting proxy is capturing, type "test" into the field labeled "Password" and press the update button in the lower left-hand corner of the page.
4. Capture the request made to https://php-ocls/classes/Users.php?f=save
5. Log out of the administrative account
6. Review the captured POST request to /php-ocls/classes/Users.php?f=save, find the input "test" in the message body, and change the string to "compromised"
7. Return to http://localhost/php-ocls/admin/login.php and log in using the "admin" username and the new admin password "compromised"

[Reference] https://www.sourcecodester.com/php/16397/online-computer-and-laptop-store-using-php-and-mysql-source-code-free-download.html https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-ocls.zip

[Discoverer] William David Mathisen (d34dun1c02n)