Exploit for AutoLib Software Systems OPAC 20.10 Secret Disclosure CVE-2024-48310

Name: Exploit for AutoLib Software Systems OPAC 20.10 Secret Disclosure CVE-2024-48310
Rating: 5 (128 reviews)

2025-01-28 | CVSS 7.5

## https://sploitus.com/exploit?id=PACKETSTORM:188883
[+] Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC
    [+] twitter.com/_striv3r_
    
    [Vendor]
    Autolib-india
    http://autolib-india.net/products.php
    
    [Product]
    AutoLib Software Systems OPAC Version.20.10
    
    [Affected Component]
    main.js file
    
    [CVE Reference]
    CVE-2024-48310
    
    [Security Issue]
    AutoLib Software Systems OPAC v20.10 was discovered to have multiple API
    keys exposed within the source code. Attackers may use these keys to access
    the backend API or other sensitive information.
    
    [Attack Vectors]
    After obtaining the API key, an attacker can use tools such as curl,
    Postman, or custom scripts to craft unauthorized requests to the target API.
    
    [Network Access]
    Remote
    
    [Severity]
    High
    
    [Disclosure Timeline]
    Vendor Notification: September 10, 2024
    Vendor released fixed: September 25, 2024