Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-40651 PoC — OS4Ed OpenSIS 路径遍历漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-40651.yaml
Associated Vulnerability
Title:OS4Ed OpenSIS 路径遍历漏洞 (CVE-2021-40651)
Description:OS4Ed OpenSIS是OS4Ed的商业级、安全、可扩展和直观的学生信息系统、学校管理软件。具有在一个安装中运行单个或多个机构的所有功能。基于 Web,php 代码,MySQL 数据库。 OS4Ed OpenSIS Community存在路径遍历漏洞,该漏洞源于OS4Ed OpenSIS Community 8.0 容易受到 Modules.php(modname 参数)中的本地文件包含漏洞的影响,只要应用程序有权访问该文件,该漏洞就可以从服务器的文件系统中泄露任意文件。
Description
OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server's filesystem as long as the application has access to the file.
File Snapshot

 id: CVE-2021-40651

info:
  name: OS4Ed OpenSIS Community 8.0 - Local File Inclusion
  author: ctfle

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.