| Title | SourceCodester 1.0 Information Disclosure |
|---|---|
| Description | Hello team, I have found a vulnerability in SourceCodester Best House Rental Management System 1.0 inside the main page, specifically inside the "page" parameter. Many of the vulnerabilities that have been reported about this one were XSS, so I found another and more critical vulnerability: when I inject this "page" parameter I can disclose the source code of any page inside the system that ends with "php", because the vulnerability arises from this line of code: `<?php include $page.'.php' ?>`. So I managed to exploit it and retrieve the source of any file. I have created a fully working exploit; visit this URL to get it and run it: https://pastebin.com/Qupf8YbH and then enter this password: 5yki3cXheX. After that you can run the script and it will ask you for a file name. For example, after basic discovery of the website like a normal user you will see different pages like login and more, so just type the page you want; for example, after running the script type "login" and you will get the source code of the login page. |
| Source | ⚠️ http://localhost/index.php?page= |
| User | 0xOlV0 (UID 78507) |
| Submitted | 2024. 12. 05. PM 07:56 (1 year ago) |
| Moderation | 2024. 12. 08. PM 09:37 (3 days later) |
| Status | Accepted |
| VulDB Entry | 287276 [SourceCodester Best House Rental Management System 1.0 /index.php page Privilege Escalation] |
| Points | 17 |
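The root cause named in the report is that `include $page.'.php'` lets the client pick the file. The following is an added example, not code from SourceCodester or from the submitter, showing the usual fix: keep the `?page=` routing but resolve the parameter against a fixed allowlist and build the path from the allowlist entry rather than from the request. The page names, the `pages/` directory and the `resolve_page()` helper are assumptions made for this example.

```php
<?php
// Added example (not the project's code): allowlist-based page dispatch.
// The page names and the pages/ directory are assumptions for this example.

declare(strict_types=1);

// Only these names may ever be included; anything else is rejected.
const ALLOWED_PAGES = ['home', 'login', 'houses', 'tenants', 'payments'];

/**
 * Map an untrusted ?page= value to a file inside $baseDir, or null.
 * The returned path is built from the matching allowlist entry, never
 * from the raw request value, so the client cannot steer the include
 * to arbitrary files (the defect described in the report).
 */
function resolve_page(?string $requested, string $baseDir = __DIR__ . '/pages'): ?string
{
    $name = $requested ?? 'home';            // default page when none given
    // Strict, case-sensitive membership test (third argument = strict).
    if (!in_array($name, ALLOWED_PAGES, true)) {
        return null;
    }
    // Rebuild the path from a known-good constant, not from $requested.
    return $baseDir . '/' . $name . '.php';
}

// Vulnerable pattern quoted in the report, for comparison only:
//   <?php include $page.'.php' ?>
// There $page is whatever the client sent, so the client chooses the file.

if (PHP_SAPI === 'cli') {
    // Stand-alone check with constructed inputs (not real requests).
    $samples = [null, 'login', 'Login', 'houses.php', '../config', 'payments'];
    foreach ($samples as $sample) {
        $result = resolve_page($sample, '/var/www/app/pages');
        printf("%-12s => %s\n", var_export($sample, true), $result ?? 'REJECTED');
    }
    // Expected: null and every exact allowlist name resolve to a path under
    // /var/www/app/pages; 'Login', 'houses.php' and '../config' are REJECTED.
} else {
    // Web dispatch: refuse anything not on the allowlist.
    $file = resolve_page($_GET['page'] ?? null);
    if ($file === null) {
        http_response_code(404);
        echo 'Unknown page';
        exit;
    }
    include $file;
}
```

Run it with `php dispatch.php` to see the constructed inputs resolved or rejected. The design choice is that the allowlist, not input sanitisation, decides what gets included: stripping characters from `$page` still leaves the client in control of the name, whereas a strict `in_array` match followed by reconstruction from the constant leaves nothing of the request in the final path.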