Description
- It was noted that the application lacked password change functionality.
Lack of Password Change Functionality #1
Steps to Reproduce:
- Log in as a low-privilege user and observe that there is no password change functionality.
// HTTP POST Request
POST /seotoaster/go HTTP/1.1
Host: 192.168.58.149
Content-Length: 108
Cache-Control: max-age=0
Accept-Language: en-GB,en;q=0.9
Origin: http://192.168.58.149
Content-Type: application/x-www-form-urlencoded
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36
[...]

email=test2%40example.com&password=Passw0rd%21&submit=Let+me+in&secureToken=477a9f50c8616d5ee4cabf2038fc43a3
// HTTP Response
HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Jul 2025 14:44:11 GMT
Server: Apache/2.4.37 (Unix) OpenSSL/1.0.2q PHP/5.6.40 mod_perl/2.0.8-dev Perl/v5.16.3
[...]