Khalil Shreateh specializes in cybersecurity, particularly as a "white hat" hacker. He focuses on identifying and reporting security vulnerabilities in software and online platforms, with notable expertise in web application security. His most prominent work includes discovering a critical flaw in Facebook's system in 2013. Additionally, he develops free social media tools and browser extensions, contributing to digital security and user accessibility.

Get Rid of Ads!


Subscribe now for only $3 a month and enjoy an ad-free experience.

Contact us at khalil@khalil-shreateh.com

Latest Posts

Unifiedtransform 2.x Student Editor Missing Authorization

Details
Written by: khalil shreateh
Category: Vulnerabilities
Hits: 69
## Description

Unifiedtransform v2.X is vulnerable to Incorrect Access Control. Any ## Description

Unifiedtransform v2.X is vulnerable to Incorrect Access Control. Any user (students and teachers) can access and modify student records via the /students/edit/{id} endpoints. This functionality intended exclusively for administrative use. Exploiting this vulnerability can lead to unauthorized data manipulation and privilege escalation.

Vendor: [Unifiedtransform](https://github.com/changeweb/Unifiedtransform)


## Product

A school management Software
v2.X

---

## Affected components

Total Access Control Mechanism which is responsible for enforcing user permissions and roles.
Route: GET /students/edit/{id}
Controller: UserController
Method: editStudents()

And all other endpoints and functionalities related to editing student profiles.

## PoC/Attack Vector

**Step 1:** Install the application as instructed in the official GitHub repository, and log in using the default admin credentials. (This email address is being protected from spambots. You need JavaScript enabled to view it.:password)

**Step 2:** Create a school session and add both teachers and students as per the instructions provided in the repository.

**Step 3:** Log in to the application as a Teacher or Student.

**Step 4:** Navigate to the endpoint:
/students/edit/{id}

ID=1 is reserved for the Admin.
IDs 2, 3, etc., are assigned to Teachers.
IDs following those (e.g., 4, 5, ...) are assigned to Students.
(For example, if you create 2 teachers and 2 students, then ID=2 will be Teacher 1, ID=3 will be Teacher 2, ID=4 will be Student 1, and ID=5 will be Student 2.)

**Step 5:** Change the details and click on update.

---

**Vulnerability Type:** Incorrect Access Control
**Attack Type:** Remote
**Impact:** Escalation of Privileges
**Attack Vectors:** Broken Access Control allows teachers or students to modify data of other students.

**Discoverer:** Sneh Bavarva


## Additional information

**Impact:** This allows unauthorized modifications to other student's data, which should only be accessible by administrators. This can lead to significant data integrity issues and unauthorized privilege escalation.


**References:**

https://github.com/changeweb/Unifiedtransform
https://cwe.mitre.org/data/definitions/284.html

- [Unifiedtransform Official Site](http://unifiedtransform.com)
- [Unifiedtransform GitHub Repository](https://github.com/changeweb/Unifiedtransform)
Social Media Share