जमा करें #261736: Sourcecodester Clinic Queuing System 1.0 Local File Inclusionजानकारी

शीर्षकSourcecodester Clinic Queuing System 1.0 Local File Inclusion
विवरणThe Sourcecodester Clinic Queuing System 1.0 is vulnerable to authenticated Local File Inclusion. In /index.php, the page GET parameter is unsafely passed into the include php function as seen below: <?php include($page.".php"); ?> This can be escalated into RCE by leveraging PHP Filter Chaining (https://github.com/synacktiv/php_filter_chain_generator). This was chained to the Auth Bypass (VulDB Sumission #261684) to make a full chain of RCE. Please refer to the proof-of-concept for demonstration.
स्रोत⚠️ https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE
उपयोगकर्ता
 Echidonut (UID 45929)
सबमिशन03/01/2024 06:46 AM (3 साल पहले)
संयम06/01/2024 09:52 AM (3 days later)
स्थितिस्वीकृत
VulDB प्रविष्टि249821 [SourceCodester Clinic Queuing System 1.0 GET Parameter /index.php page अधिकार वृद्धि]
अंक20

Do you need the next level of professionalism?

Upgrade your account now!