School Fees Management System Unauthorized Access
This vulnerability allows an attacker to obtain the names of all students.
In the project directory, the file ci_fms/ci_fms/application/controllers/Admin.php contains an action method named promote that can be called without authorization.
Reading the code of this action method, we can see that it selects StudentInfo records based on the parameters we supply.
So we can obtain student info by visiting the method.
From the project description, we know that the project uses the CodeIgniter 3 framework.
So we also know the routing rules.
This can be used to iterate over all student names, which may make it an option in a red-team engagement.
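One way to close this gap, as an added example that is not the project's own code: a CodeIgniter 3 base controller that denies every routed action by default, so a method such as promote cannot be left without a login check. It assumes Admin.php currently extends CI_Controller and would be changed to extend MY_Controller; the session key `admin_id` and the `login` route are also assumptions.

```php
<?php
// application/core/MY_Controller.php
// Added example, not the project's code. CodeIgniter 3 loads this file
// automatically when subclass_prefix is left at its default 'MY_'.
defined('BASEPATH') OR exit('No direct script access allowed');

class MY_Controller extends CI_Controller
{
    // Lower-case names of actions a subclass deliberately leaves public
    // (for example a login form). Empty means every action needs a session.
    protected $public_methods = array();

    public function __construct()
    {
        parent::__construct();
        $this->load->library('session');
        $this->load->helper('url');

        // The router has already resolved which action this request targets.
        $method = strtolower($this->router->method);
        if (in_array($method, $this->public_methods, TRUE)) {
            return;
        }

        // 'admin_id' is an assumed session key: use whatever the
        // application's login code actually stores on success.
        if ( ! $this->session->userdata('admin_id')) {
            // Record the attempt so enumeration of the endpoint shows up in logs.
            log_message('error', 'Unauthenticated request to '
                . $this->router->class . '/' . $method
                . ' from ' . $this->input->ip_address());

            if ($this->input->is_ajax_request()) {
                show_error('Authentication required', 401); // exits
            }
            redirect('login'); // assumed login route; redirect() exits
        }
    }
}

// application/controllers/Admin.php would then declare:
//   class Admin extends MY_Controller { ... }
// and promote() keeps its existing body, now reachable only with a session.
```

Because the check runs in the constructor, it applies before any action body executes, including actions added to the controller later.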
This article was originally published on L0ne1y by the author @孤独常伴. Reproduction without permission is prohibited.