An issue was discovered in hitshop 1.0beta.
There is an elevation of privilege vulnerability which allows control of the whole website.
Vulnerability trigger point:
http://localhost/admin.php/user/add
1. Add a normal store keeper.

2. Log in with store keeper jurisdiction; now we just have the privilege of commodity management.

3. Use this account to add another account with administrator privilege.

4. Log in to the fake admin account, and now you have all system privileges.

You can change the old administrators' passwords or any other info of this website.
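
The steps above work because the `user/add` endpoint accepts the request from a store keeper session and lets it choose the new account's role. The following is an added example of the server-side check that closes this, not hitshop's own code; the role names, permission strings and the `authorizeUserAdd` function are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical role model: names and ranks are assumptions, not hitshop's schema.
const ROLE_RANK = ['store_keeper' => 1, 'administrator' => 2];
const ROLE_PERMISSIONS = [
    'store_keeper'  => ['commodity.manage'],
    'administrator' => ['commodity.manage', 'user.manage'],
];

/**
 * Decide on the server whether a session with $actorRole may create an
 * account with $requestedRole. Returns [bool $allowed, string $reason].
 */
function authorizeUserAdd(?string $actorRole, string $requestedRole): array
{
    if ($actorRole === null || !array_key_exists($actorRole, ROLE_RANK)) {
        return [false, 'not authenticated or unknown role'];
    }
    if (!array_key_exists($requestedRole, ROLE_RANK)) {
        return [false, 'requested role does not exist'];
    }
    // Check 1: the endpoint itself requires the user management permission.
    if (!in_array('user.manage', ROLE_PERMISSIONS[$actorRole], true)) {
        return [false, 'caller lacks user.manage'];
    }
    // Check 2: a caller can never grant a role ranked above its own.
    if (ROLE_RANK[$requestedRole] > ROLE_RANK[$actorRole]) {
        return [false, 'requested role exceeds caller role'];
    }
    return [true, 'ok'];
}

// Constructed requests mirroring the situations in the report.
$cases = [
    ['store_keeper', 'administrator'],  // step 3 of the report: must be denied
    ['store_keeper', 'store_keeper'],   // also denied: no user.manage
    ['administrator', 'store_keeper'],  // step 1 of the report: allowed
    [null, 'administrator'],            // request without a session
];
foreach ($cases as [$actor, $role]) {
    [$ok, $why] = authorizeUserAdd($actor, $role);
    printf("%-14s -> %-14s %s (%s)\n", $actor ?? '(none)', $role, $ok ? 'ALLOW' : 'DENY', $why);
}
```

The actor's role must come from the server-side session, never from a request parameter, and denied attempts on this endpoint are worth logging as a privilege escalation signal.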
