Update change_user_details.php

Added `exit;` statement to stop leaking vulnerability to Impossible level.
digininja · Oct 11, 2023 · 4ae428d · 4ae428d
1 parent d73ca5b
commit 4ae428d
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/vulnerabilities/authbypass/change_user_details.php b/vulnerabilities/authbypass/change_user_details.php
@@ -10,6 +10,7 @@
 
 if (dvwaSecurityLevelGet() == "impossible" && dvwaCurrentUser() != "admin") {
 	print json_encode (array ("result" => "fail", "error" => "Access denied"));
+	exit;
 }
 
 if ($_SERVER['REQUEST_METHOD'] != "POST") {