Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-20114 PoC — Tecnick.com TCExam 信息泄露漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-20114.yaml
Associated Vulnerability
Title:Tecnick.com TCExam 信息泄露漏洞 (CVE-2021-20114)
Description:Tecnick.com TCExam是英国Tecnick.com公司的一套基于Web的开源电子考试系统。该系统主要用于在线考试等。 TCExam 存在信息泄露漏洞,该漏洞源于默认设置中的访问限制错误。远程攻击者可利用该漏洞访问缓存备份目录,其中包括敏感的数据库备份文件。该漏洞允许远程攻击者获得未经授权的访问权限。
Description
When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which includes sensitive database backup files.
File Snapshot

 id: CVE-2021-20114

info:
  name: TCExam <= 14.8.1 - Sensitive Information Exposure
  author: push4d

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.