huntr | jeffreygaor | A281C586-9B97-4D17-88FF-CA91BB4C45AD
Feb 17, 2023 - 6:31 p.m.

Broken Access Control

2023-02-17 18:31:53
jeffreygaor
www.huntr.dev
8
access control
unrestricted files
student management system
rosariosis
owasp
broken access control
vulnerability
bug bounty

0.001 Low

EPSS

Percentile

47.4%

Vulnerability

Broken Access Control

Issue Description:

• Access control is how a web application grants access to content and functions to some users and not others.

• These checks are performed after authentication and govern what ‘authorized’ users are allowed to do.

• Jeffrey discovered that when a student submits an assignment and attaches files in the RosarioSIS school management system, the uploaded files have no access restrictions. Any uploaded and stored file is retrievable and can be accessed without credentials.

Steps to reproduce

1. Log in with a student account:

https://www.rosariosis.org/demonstration/

2. Under the Grades tab -> Assignments -> Add and subtract (Title), you’ll see that there’s an upload function.

3. A student can upload any file and retrieve it as long as the student has the URL path of the submitted file. Moreover, any uploaded file can be accessed without credentials.

Uploaded PDF:

https://www.rosariosis.org/demonstration/assets/AssignmentsFiles/2022/Quarter6/Teacher2/mathematics 6_1_student s student_2023-02-17 13_22_30.000000.pdf

POC video:

https://drive.google.com/file/d/1oWZoCE8hNUTzbT3rt9wmHA5U5XQYxd5f/view?usp=share_link

Recommendations:

• Jeffrey recommends reviewing the whole codebase for broken access control; the following cheat sheet from OWASP provides more information: https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control.html
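The root cause described above is that uploads land in a web-accessible directory (`assets/AssignmentsFiles/...`) under a predictable name, so the web server hands them out with no authorization check at all. The example below is added here to show the defensive pattern; it is not RosarioSIS code and the data model (a student owns each upload, an assignment belongs to one teacher, only the uploading student, that teacher or an admin may read the file) is an assumption made for illustration. Files are written outside the document root under an opaque random id, and every read goes through `fetch_assignment_file`, which refuses anonymous and non-owning users.

```python
"""Added example (not RosarioSIS code): serve uploaded assignment files only
through an authorization check, never straight from a web-accessible path.

Assumed model (hypothetical, not the project's schema):
  - each upload belongs to one student and one assignment
  - each assignment belongs to one teacher
  - the uploading student, the assignment's teacher, or an admin may read
    the file; anonymous requests are always refused
"""
import os
import secrets
import tempfile
from dataclasses import dataclass
from typing import Optional

# Storage root OUTSIDE the web server's document root, so no URL maps to
# the file directly (constructed for this example).
STORE_ROOT = tempfile.mkdtemp(prefix="assignment_files_")

# In-memory stand-ins for the database tables (constructed sample data).
ASSIGNMENTS = {"assign-1": {"teacher_id": "teacher-2"}}
FILES: dict = {}  # file_id -> {"student_id", "assignment_id", "path", "name"}


@dataclass
class Session:
    """Minimal view of an authenticated session; None means anonymous."""
    user_id: str
    role: str  # "student" | "teacher" | "admin"


def store_assignment_file(session: Session, assignment_id: str,
                          original_name: str, data: bytes) -> str:
    """Save an upload under an opaque, unguessable id and return that id.
    The original filename is kept only as metadata, never used as the path.
    """
    if session is None or session.role != "student":
        raise PermissionError("only a logged-in student may submit")
    if assignment_id not in ASSIGNMENTS:
        raise KeyError("unknown assignment")
    file_id = secrets.token_urlsafe(16)
    path = os.path.join(STORE_ROOT, file_id)
    with open(path, "wb") as fh:
        fh.write(data)
    FILES[file_id] = {
        "student_id": session.user_id,
        "assignment_id": assignment_id,
        "path": path,
        "name": os.path.basename(original_name),
    }
    return file_id


def may_read(session: Optional[Session], meta: dict) -> bool:
    """Authorization rule: the check that is missing in the reported setup."""
    if session is None:
        return False  # anonymous: never
    if session.role == "admin":
        return True
    if session.role == "student":
        return session.user_id == meta["student_id"]
    if session.role == "teacher":
        teacher = ASSIGNMENTS[meta["assignment_id"]]["teacher_id"]
        return session.user_id == teacher
    return False


def fetch_assignment_file(session: Optional[Session], file_id: str) -> tuple:
    """Return (display_name, bytes) only after the authorization check passes.
    Unknown ids and forbidden ids raise the same error, so a caller cannot
    probe which ids exist.
    """
    meta = FILES.get(file_id)
    if meta is None or not may_read(session, meta):
        raise PermissionError("file not found or not authorized")
    with open(meta["path"], "rb") as fh:
        return meta["name"], fh.read()


if __name__ == "__main__":
    student = Session("student-7", "student")
    fid = store_assignment_file(student, "assign-1", "mathematics 6.pdf",
                                b"%PDF-1.4 constructed sample")
    print("owner can read:", fetch_assignment_file(student, fid)[0])
    print("anonymous may read:", may_read(None, FILES[fid]))
```

In a real deployment the download handler would be the only route that touches `STORE_ROOT`, and the directory listing or direct-URL path that the report exploits simply would not exist; the web server should also be configured to deny serving anything from the old upload directory while existing files are migrated.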

