The UI Performs the Wrong Action in khodakhah/nodcms
Valid
Sep 16th 2021
Violation of secure design principles
Proof of Concept
Step 1: Open the login page and log in to the account.
Step 2: The dashboard and further options inside the application are now visible.
Step 3: Log out of the application.
Step 4: Directly visit the URL: https://demo.nodcms.com/admin/
Step 5: The attacker can still see the dashboard and other details.

PoC image attached: https://ibb.co/TwZsfx4
This vulnerability is capable of leaking sensitive information in certain scenarios.
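The steps above describe the symptom (the admin dashboard is still served after logout) without saying why. One common cause of exactly this behaviour is a logout that only clears client-side state while the server-side session record stays valid; the fix is to destroy the session on the server and to authorize every request to /admin/ against that server-side record. The following model, an added example that is not NodCMS code and makes no claim about how NodCMS implements logout, replays the report's five steps against a flawed and a corrected logout handler. The in-memory session store, the `Browser` stand-in, and the handler names are assumptions made for illustration.

```python
"""Model of the logout/admin-access flow from the report.

Constructed example: the session store, the two logout variants and the
/admin/ handler are illustrative assumptions, not the project's own code.
"""
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass
class SessionStore:
    """Server-side session table keyed by an opaque random token."""
    sessions: Dict[str, dict] = field(default_factory=dict)

    def login(self, username: str, role: str) -> str:
        token = secrets.token_urlsafe(32)
        self.sessions[token] = {"user": username, "role": role}
        return token

    def invalidate(self, token: str) -> None:
        self.sessions.pop(token, None)

    def lookup(self, token: Optional[str]) -> Optional[dict]:
        return self.sessions.get(token) if token else None


@dataclass
class Browser:
    """Minimal client: holds whatever session cookie it was issued."""
    cookie: Optional[str] = None


def logout_client_only(store: SessionStore, browser: Browser) -> None:
    """Flawed variant: the cookie is dropped in the browser, but the
    server-side record stays alive, so the old token still authenticates."""
    browser.cookie = None


def logout_server_side(store: SessionStore, browser: Browser) -> None:
    """Corrected variant: destroy the server-side session first, then clear
    the cookie. The old token is now meaningless to the server."""
    if browser.cookie is not None:
        store.invalidate(browser.cookie)
    browser.cookie = None


def admin_dashboard(store: SessionStore, token: Optional[str]) -> Tuple[int, dict]:
    """Handler for /admin/: authorize on the server-side record, never on the
    mere presence of a cookie. Cache-Control: no-store keeps the rendered
    dashboard out of browser and proxy caches."""
    headers = {"Cache-Control": "no-store"}
    session = store.lookup(token)
    if session is None:
        return 302, {**headers, "Location": "/login"}
    if session["role"] != "admin":
        return 403, headers
    return 200, {**headers, "body": f"dashboard for {session['user']}"}


def reproduce(logout) -> int:
    """Run the report's steps against one logout variant and return the
    status /admin/ gives when the pre-logout token is presented again."""
    store = SessionStore()
    browser = Browser()
    browser.cookie = store.login("alice", "admin")          # step 1: log in
    assert admin_dashboard(store, browser.cookie)[0] == 200  # step 2: dashboard visible
    old_token = browser.cookie
    logout(store, browser)                                  # step 3: log out
    status, _ = admin_dashboard(store, old_token)            # steps 4-5: revisit /admin/
    return status


if __name__ == "__main__":
    print("client-only logout ->", reproduce(logout_client_only))  # 200: still served
    print("server-side logout ->", reproduce(logout_server_side))  # 302: back to /login
```

The `reproduce` helper is the check to run when triaging a report like this one: if the old token still yields 200 after logout, the session was never invalidated server-side. The `no-store` header covers the other way a dashboard can reappear after logout, a cached copy being re-rendered by the browser, which a server-side check alone does not prevent.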