首页 闲杂 School Fees Management System Unauthorized Access

School Fees Management System Unauthorized Access

孤独常伴
发布在 闲杂
541

Vulnerability description

This vulnerability can cause an attacker get all student name info.

Vulnerability details

In the Project Directory ci_fms/ci_fms/application/controllers/Admin.php File,exist a named promote unauthorized action method.

School Fees Management System Unauthorized Access-L0ne1y
Unauth Method

Read the action method code,we can known there will select StudentInfo depend ours parameters

So,we can get student info by visit the method.

Read the Project description we can known the project used CodeIgniter3 Framework

So,we can known the routes rule.

School Fees Management System Unauthorized Access-L0ne1y
Code
School Fees Management System Unauthorized Access-L0ne1y
School Fees Management System Unauthorized Access-L0ne1y

We can use it iterator all student name,in the redteam attack,maybe a choice.

Source Code

https://www.sourcecodester.com/php/15697/school-fees-management-system-project-php-and-codeigniter-free-source-code.html

本文系作者 @ 原创发布在 L0ne1y。未经许可,禁止转载。

喜欢()
上一篇
Novel-Plus SQLi
相关文章
Novel-Plus SQLi
Novel-Plus default JWT Key
Novel-plus Background arbitrary file download
Lin-cms-Spring-Boot default JWT Key
热门搜索
孤独常伴
34 文章
1 评论
6 喜欢
Top