Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

CVE-2023-49979 PoC — Customer Support System 安全漏洞

Source
https://github.com/geraldoalcantara/CVE-2023-49979
Associated Vulnerability
Title:Customer Support System 安全漏洞 (CVE-2023-49979)
Description:A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization.
Description
Best Student Management System v1.0 - Incorrect Access Control - Directory Listing
Readme
# CVE-2023-49979
# Best Student Management System v1.0 - Incorrect Access Control - Directory Listing

**Description**:  A directory listing vulnerability in Best Student Management System v1.0 allows attackers to list directories and sensitive files within the application without requiring authentication/authorization.

**Vulnerable Product Version**: Best Student Management System v1.0  
**CVE Author**: Geraldo Alcântara  
**Date**: 28/11/2023  
**Confirmed on**: 19/12/2023  
**CVE**: CVE-2023-49979  
**Tested on**: Windows  
### Steps to reproduce:   

1. Navigate to URL: http://{IP}/upresult/includes/ or http://{IP}/upresult/assets/. I found out that many important files of application can be accessed directly from this directory listing.  

Discoverer(s)/Credits:  
Geraldo Alcântara
File Snapshot

 [4.0K]  /data/pocs/1619fde3a510834e112a60cd9e5f433e4ef3912d
└── [ 809]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →