Shenzhen Sixun Software Sixun Shanghui Group Business Management System Improper Authorization Vulnerability in Reset Password Interface
Vulnerability
An improper authorization vulnerability has been identified in Shenzhen Sixun Software's Sixun Shanghui Group Business Management System version 7. The issue lies in the Reset Password Interface, specifically in the file '/WebPages/Adm/OperatorStop.asp'. It is triggered by manipulating the 'OperId' argument, which leads to unauthorized access or actions. The vulnerability can be exploited remotely without any authentication, but exploitation is considered difficult.
Impact
Exploitation of this vulnerability could lead to unauthorized access or actions within the application, specifically related to the password reset functionality.
Reproduction
To reproduce this vulnerability, send a request to the '/WebPages/Adm/OperatorStop.asp' file with a manipulated 'OperId' argument, using a web browser or an intercepting proxy such as Burp Suite. The manipulated 'OperId' value must bypass the authorization checks implemented by the application.
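Because the advisory states that the endpoint can be reached remotely without authentication, a defender's first check is whether unauthenticated requests carrying an 'OperId' argument are hitting '/WebPages/Adm/OperatorStop.asp'. The script below is an added example, not the vendor's code or anything from the original advisory: it parses IIS W3C extended log lines (the field order in LOG_FIELDS is an assumption about the server's logging configuration) and flags requests to that path that carry the 'OperId' parameter with no authenticated user recorded. The log lines are constructed sample data, including the IP addresses and 'OperId' values.

```python
"""Hunt for unauthenticated requests to the password-reset endpoint named in the advisory.

Added example for detection purposes. Assumptions:
  - IIS W3C extended logging with exactly the fields listed in LOG_FIELDS
  - an authenticated request records a user in cs-username; '-' means none
"""
from urllib.parse import parse_qs

# Path and parameter from the advisory; compared case-insensitively because
# IIS serves ASP paths without regard to case.
WATCHED_PATH = "/webpages/adm/operatorstop.asp"
WATCHED_PARAM = "operid"

# Assumed W3C field order (must match the #Fields line of the real log).
LOG_FIELDS = [
    "date", "time", "c-ip", "cs-username", "cs-method",
    "cs-uri-stem", "cs-uri-query", "sc-status",
]

# Constructed sample log: two unauthenticated hits on the endpoint, one
# authenticated hit, and one unrelated request.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-stem cs-uri-query sc-status
2024-01-01 10:00:01 203.0.113.5 - GET /WebPages/Adm/OperatorStop.asp OperId=1001 200
2024-01-01 10:00:02 198.51.100.7 admin GET /WebPages/Adm/OperatorStop.asp OperId=1002 200
2024-01-01 10:00:03 203.0.113.5 - GET /WebPages/Index.asp - 200
2024-01-01 10:00:04 203.0.113.9 - POST /WebPages/Adm/OperatorStop.asp OperId=1003 302
"""


def parse_line(line):
    """Split one W3C log line into a dict keyed by LOG_FIELDS; None if malformed."""
    parts = line.split()
    if len(parts) != len(LOG_FIELDS):
        return None
    return dict(zip(LOG_FIELDS, parts))


def query_params(rec):
    """Return the query string as a dict; IIS writes '-' when there is none."""
    if rec["cs-uri-query"] == "-":
        return {}
    return parse_qs(rec["cs-uri-query"], keep_blank_values=True)


def is_suspicious(rec):
    """True when the watched endpoint is called with OperId and no authenticated user."""
    if rec["cs-uri-stem"].lower() != WATCHED_PATH:
        return False
    params = query_params(rec)
    has_param = any(k.lower() == WATCHED_PARAM for k in params)
    return has_param and rec["cs-username"] == "-"


def find_suspicious(log_text):
    """Scan a log and return one alert dict per suspicious request."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue  # skip blank lines and W3C header directives
        rec = parse_line(line)
        if rec is None or not is_suspicious(rec):
            continue
        params = query_params(rec)
        oper_id = next(v[0] for k, v in params.items() if k.lower() == WATCHED_PARAM)
        alerts.append({
            "when": f"{rec['date']} {rec['time']}",
            "src": rec["c-ip"],
            "method": rec["cs-method"],
            "oper_id": oper_id,
            "status": rec["sc-status"],
        })
    return alerts


if __name__ == "__main__":
    for a in find_suspicious(SAMPLE_LOG):
        print(f"{a['when']} {a['src']} {a['method']} OperId={a['oper_id']} -> {a['status']}")
```

On the sample data this reports the two hits from 203.0.113.5 and 203.0.113.9 and ignores the request made by 'admin'. The authenticated-user test relies on cs-username being populated, which is true for Windows or Basic authentication but not for application-level session logins; where the application tracks sessions itself, treat every request to this endpoint from an unexpected source as worth review rather than only those with an empty username, and correlate the 'OperId' values with the operator accounts whose passwords were actually changed.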
