| عنوان | Simple E-Learning System Unauthorized download of arbitrary files |
|---|
| الوصف | info:Simple E-Learning System does not authorize arbitrary file downloads
The downloadFiles file can directly pass parameters for file download,
The parameter download does not filter parameters, URL: http://192.168.153.1/vcs//downloadFiles.php?download=xxxxx can download any file directly.
payload:
http://192.168.153.1/vcs//downloadFiles.php?download=C:\Windows\win.ini |
|---|
| المصدر | ⚠️ https:// www.sourcecodester.com/php-simple-e-learning-system-source-code |
|---|
| المستخدم | jsbae3449 (UID 30775) |
|---|
| ارسال | 10/08/2022 03:00 PM (4 سنوات منذ) |
|---|
| الاعتدال | 11/08/2022 11:22 AM (20 hours later) |
|---|
| الحالة | مكرر |
|---|
| إدخال VulDB | 205828 [SourceCodester Simple E-Learning System downloadFiles.php تحميل الكشف عن المعلومات] |
|---|
| النقاط | 0 |
|---|