edu Business Solutions Print Shop Pro WebDesk Privilege Escalation Vulnerability
Vulnerability
A privilege escalation vulnerability has been identified in edu Business Solutions Print Shop Pro WebDesk version 18.34. It allows remote attackers to escalate privileges by manipulating the AccessID parameter, which the application uses to assign user roles. The root cause is a lack of server-side validation of AccessID: the value submitted by the client is trusted, so an unprivileged user can assign themselves a higher role and gain full control of the application.
Impact
Exploitation of this vulnerability leads to a complete takeover of the application, allowing the attacker to gain Super Admin rights and access all administrative functionalities.
Reproduction
To reproduce this vulnerability, first self-register an account through the registration process, which can be accessed via the reg_process.asp endpoint. After logging in, navigate to the same endpoint to update the profile details. During the update, modify the AccessID parameter to a value that grants higher privileges, such as '1'. This change will unlock additional admin functionalities.
Remediation
It is recommended to implement server-side validation for all role-related parameters, so that a user's role is never taken from a profile update they submit themselves and users can only access features appropriate to their assigned roles. Additionally, monitoring and logging of authorization changes can help detect and respond to attempted abuse of privilege escalation vulnerabilities.