CVE-2023-49979 PoC — Customer Support System 安全漏洞

Source

https://github.com/geraldoalcantara/CVE-2023-49979

Associated Vulnerability

Title:Customer Support System 安全漏洞 (CVE-2023-49979)
Description:Customer Support System是oretnom23个人开发者的一个客户支持系统，可以帮助某个企业或公司在客户从他们那里购买产品后提供客户支持。 Customer Support System v1 版本存在安全漏洞，该漏洞源于目录列表的逻辑漏洞，可以不受限制的列出程序中的目录和敏感文件。

Description

Best Student Management System v1.0 - Incorrect Access Control - Directory Listing

Readme

# CVE-2023-49979
# Best Student Management System v1.0 - Incorrect Access Control - Directory Listing

**Description**:  A directory listing vulnerability in Best Student Management System v1.0 allows attackers to list directories and sensitive files within the application without requiring authentication/authorization.

**Vulnerable Product Version**: Best Student Management System v1.0  
**CVE Author**: Geraldo Alcântara  
**Date**: 28/11/2023  
**Confirmed on**: 19/12/2023  
**CVE**: CVE-2023-49979  
**Tested on**: Windows  
### Steps to reproduce:   

1. Navigate to URL: http://{IP}/upresult/includes/ or http://{IP}/upresult/assets/. I found out that many important files of application can be accessed directly from this directory listing.  

Discoverer(s)/Credits:  
Geraldo Alcântara

File Snapshot


 [4.0K]  /data/pocs/1619fde3a510834e112a60cd9e5f433e4ef3912d
└── [ 809]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!