Enviar #109903: The Earnings and Expense Tracker Application has file reading vulnerabilitiesinformación

TítuloThe Earnings and Expense Tracker Application has file reading vulnerabilities
DescripciónUsers can read files on the server through carefully constructed urls. The vulnerability is at line 83 of index.php, where the code does not filter user input. page parameters are completely controllable and unfiltered. https://github.com/web-zxl/img/blob/main/1.png https://github.com/web-zxl/img/blob/main/2.png We construct the following statement http://127.0.0.1/php-sqlite-expense-tracker/?page=php://filter /read=convert. base64-encode/resource=users and access, you can see the page read fetch base64 encoded users. base64 decoding is the source code of users.php https://github.com/web-zxl/img/blob/main/3.png
Fuente⚠️ https://www.sourcecodester.com/php/16354/earnings-and-expense-tracker-app-using-php-and-sqlite3-source-code-free-download.html
Usuario
 aallll (UID 34396)
Sumisión2023-04-04 12:11 (hace 3 años)
Moderación2023-04-05 08:04 (20 hours later)
EstadoAceptado
Entrada de VulDB224997 [SourceCodester Earnings and Expense Tracker App 1.0 index.php page divulgación de información]
Puntos20

AnteriorVisión De ConjuntoPróximo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!

n $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0'; } } ?>