Gửi #261736: Sourcecodester Clinic Queuing System 1.0 Local File Inclusionthông tin

tiêu đềSourcecodester Clinic Queuing System 1.0 Local File Inclusion
Mô tảThe Sourcecodester Clinic Queuing System 1.0 is vulnerable to authenticated Local File Inclusion. In /index.php, the page GET parameter is unsafely passed into the include php function as seen below: <?php include($page.".php"); ?> This can be escalated into RCE by leveraging PHP Filter Chaining (https://github.com/synacktiv/php_filter_chain_generator). This was chained to the Auth Bypass (VulDB Sumission #261684) to make a full chain of RCE. Please refer to the proof-of-concept for demonstration.
Nguồn⚠️ https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE
Người dùng
 Echidonut (UID 45929)
Đệ trình03/01/2024 06:46 (cách đây 3 những năm)
Kiểm duyệt06/01/2024 09:52 (3 days later)
Trạng tháiđược chấp nhận
Mục VulDB249821 [SourceCodester Clinic Queuing System 1.0 GET Parameter /index.php page nâng cao đặc quyền]
điểm20

Interested in the pricing of exploits?

See the underground prices here!