This isn't much of an exploit, but it's something that should be configured and not left sitting there.
This is just an attempt to help the community using Sledmore's DB release.
So, what I've witnessed is that the catalog can be exploited into viewing staff catalog pages; this is because the rank is not properly configured in the database. Some pages in the staff catalog of the DB are on rank 1 (user), which should be changed to the rank of the catalog to prevent unauthorized access. Again, something that should be configured for the protection of your hotel. Thank you.
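An audit for the misconfiguration described in the post, as an added example that is not part of the original post or of the DB release. It assumes a hypothetical `catalog_pages(id, parent_id, caption, min_rank)` table where `parent_id = -1` marks a top-level page and rank 1 is an ordinary user; the sample rows are constructed, so check the names against your own schema.

```python
import sqlite3

# Assumed schema (not from the post): catalog_pages(id, parent_id, caption, min_rank).
# Walk the page tree and carry down the highest rank required by any ancestor;
# a page whose own min_rank is lower than that is readable below its section's rank.
# SQLite's two-argument MAX() is scalar; on MySQL 8+ use GREATEST() instead.
AUDIT_SQL = """
WITH RECURSIVE tree(id, caption, min_rank, required_rank) AS (
    SELECT id, caption, min_rank, min_rank
    FROM catalog_pages WHERE parent_id = -1
    UNION ALL
    SELECT c.id, c.caption, c.min_rank, MAX(c.min_rank, t.required_rank)
    FROM catalog_pages c JOIN tree t ON c.parent_id = t.id
)
SELECT id, caption, min_rank, required_rank
FROM tree WHERE min_rank < required_rank ORDER BY id
"""

def find_underranked(conn):
    """Return (id, caption, min_rank, required_rank) for each exposed page."""
    return conn.execute(AUDIT_SQL).fetchall()

def fix_underranked(conn):
    """Raise each exposed page to the rank its section requires; return count."""
    rows = find_underranked(conn)
    conn.executemany("UPDATE catalog_pages SET min_rank = ? WHERE id = ?",
                     [(required, page_id) for page_id, _, _, required in rows])
    conn.commit()
    return len(rows)

def build_sample():
    """Constructed sample data: a staff section (rank 5) with two rank-1 pages."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE catalog_pages (id INTEGER PRIMARY KEY, "
                 "parent_id INTEGER, caption TEXT, min_rank INTEGER)")
    conn.executemany("INSERT INTO catalog_pages VALUES (?, ?, ?, ?)", [
        (1, -1, "Furni", 1),
        (2, 1, "Chairs", 1),
        (3, -1, "Staff", 5),
        (4, 3, "Staff Badges", 5),
        (5, 3, "Staff Rares", 1),      # misconfigured: inside Staff, rank 1
        (6, 5, "Staff Rares Sub", 1),  # nested page inherits the same gap
    ])
    return conn

if __name__ == "__main__":
    db = build_sample()
    for row in find_underranked(db):
        print("exposed page:", row)
    print("pages corrected:", fix_underranked(db))
```

Run the audit query on its own first and review the flagged rows before applying the update, since some child pages may be deliberately open.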