Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mass Assignment vulnerability #906

Open
anh91 opened this issue Jun 29, 2023 · 1 comment
Open

Mass Assignment vulnerability #906

anh91 opened this issue Jun 29, 2023 · 1 comment

Comments

@anh91
Copy link

anh91 commented Jun 29, 2023

I found a Mass Assignment vulnerability in the Website when editing the page.
When the edit page add new param "name" and value to change the name of page.
POC
image
image
image
image
@blockisec
Copy link

Did you understand what a mass assignment vulnerability is?
The application processes the last occurrence of the parameter with same name.
What is the vulnerability in changing the page name from "about" to "test_change_name"?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@blockisec @anh91