Exploits / Vulnerability Discovered: 2021-11-29
Type: webapps
Platform: multiple
This exploit / vulnerability, Orangescrum 1.8.0 privilege escalation (authenticated), is for educational purposes only; if you use it, you do so at your own risk!
1. Go to the dashboard
2. Go to the page source view
3. Find "var PUSERS" in the source
4. Copy the victim's "uniq_id"
5. Change the "USER_UNIQ" cookie to the victim's "USER_UNIQ" from the page source
6. After refreshing the page, you are logged in to the victim's account
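The steps above work when the server takes the account identity from the client-supplied "USER_UNIQ" cookie. The following added example (not Orangescrum code and not from the original page) models that pattern beside a check that binds identity to a server-side session; the `SESSION` cookie name, the in-memory session store and all function names are assumptions made for illustration.

```python
import hmac
import secrets

# Hypothetical in-memory session store: session_id -> uniq_id bound at login.
SESSIONS = {}


def login(uniq_id):
    """Create a server-side session and return the cookies sent to the browser."""
    session_id = secrets.token_hex(16)
    SESSIONS[session_id] = uniq_id
    return {"SESSION": session_id, "USER_UNIQ": uniq_id}


def resolve_user_vulnerable(cookies):
    """Models the behaviour the steps describe: identity is whatever USER_UNIQ says."""
    return cookies.get("USER_UNIQ")


def resolve_user_hardened(cookies):
    """Return (user, tampered).

    Identity comes only from the server-side session. A USER_UNIQ cookie that
    disagrees with the bound value is rejected and reported as tampering.
    """
    bound = SESSIONS.get(cookies.get("SESSION", ""))
    if bound is None:
        return None, False          # no valid session: not authenticated
    supplied = cookies.get("USER_UNIQ", "")
    # Constant-time comparison of the supplied value against the bound one.
    if not hmac.compare_digest(supplied.encode(), bound.encode()):
        return None, True           # mismatch: reject the request and alert
    return bound, False


if __name__ == "__main__":
    # Constructed sample values, not real Orangescrum identifiers.
    own = login("uniq-attacker-0001")
    swapped = dict(own, USER_UNIQ="uniq-victim-0002")
    print("vulnerable:", resolve_user_vulnerable(swapped))
    print("hardened:  ", resolve_user_hardened(swapped))
```

Because the uniq_id values are visible in the page source, they should be treated as public identifiers and never as credentials; the `tampered` flag is a useful signal to log and alert on.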