### Techno Portfolio Management Panel - SQL Injection/XSS/Information leak/Broken Access Control
ADLab of Venustech
While pentesting the official demo site of Techno Portfolio Management Panel, I found that, once logged in to the backend, it exposes several vulnerabilities.
For example, we can get some sensitive data here like the absolute path:
For example, we can get the site cookie here or do something more evil.
For example, we can get the database user or other info here, using some tools or just by hand:
current user: 'email@example.com'
Broken Access Control
While the feedback option should be viewed or operated only by the admin user, I replaced the admin cookie with the cookie of the demo normal user and, in the end, successfully removed a feedback entry with the authority of a normal user.
Feedback Remove URL: http://dacy.esy.es/eng/panel/portfolio.php?action=delete&id=x
In a word, it's a broken access control vulnerability.
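
A server-side check that would stop the cookie swap described above, as an added example (not the product's code, which this page does not show). The `delete_feedback` function, the `feedback` table and the `role` and `csrf` session keys are hypothetical, and the demo data at the bottom is constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical handler for a feedback "delete" action. Table, column and
// session key names are assumptions, not taken from the product.
function delete_feedback(PDO $db, array $session, string $method, array $post): int
{
    // State-changing actions are not accepted over GET.
    if ($method !== 'POST') {
        return 405;
    }
    // Authorization uses the role stored server-side at login, so holding
    // any valid session cookie is not enough to reach the delete.
    if (($session['role'] ?? '') !== 'admin') {
        return 403;
    }
    // Per-session CSRF token, compared in constant time.
    $sent  = $post['csrf'] ?? null;
    $known = $session['csrf'] ?? null;
    if (!is_string($sent) || !is_string($known) || !hash_equals($known, $sent)) {
        return 403;
    }
    // The id must be a positive integer and is bound, never concatenated.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 400;
    }
    $stmt = $db->prepare('DELETE FROM feedback WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->rowCount() === 1 ? 204 : 404;
}

// Constructed demo data: in-memory SQLite and two fake sessions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE feedback (id INTEGER PRIMARY KEY, body TEXT)');
$db->exec("INSERT INTO feedback (body) VALUES ('first'), ('second')");

$user  = ['role' => 'user',  'csrf' => 'tok-user'];
$admin = ['role' => 'admin', 'csrf' => 'tok-admin'];

// Normal user over POST, admin over GET, then admin over POST.
echo delete_feedback($db, $user,  'POST', ['id' => '1', 'csrf' => 'tok-user']), "\n";
echo delete_feedback($db, $admin, 'GET',  ['id' => '1', 'csrf' => 'tok-admin']), "\n";
echo delete_feedback($db, $admin, 'POST', ['id' => '1', 'csrf' => 'tok-admin']), "\n";
```

Run from the command line with the `pdo_sqlite` extension enabled; only the last call passes every check and removes the row.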