By kannthu
The "Qibocms - Arbitrary File Download" module is a test case that detects an arbitrary file download vulnerability in the Qibocms software. The vulnerability allows an attacker to download arbitrary files from the server. Its severity is classified as high.
This module was authored by theabhinavgaur.
If successfully exploited, the Qibocms arbitrary file download vulnerability can lead to unauthorized access to sensitive files on the server. This can potentially expose confidential information, compromise the integrity of the system, and enable further attacks.
The module sends an HTTP GET request to the "/do/job.php?job=download&url=ZGF0YS9jb25maWcucGg8" endpoint of the target Qibocms application. It then applies several matching conditions to determine if the vulnerability is present:
- The response body must contain the strings "

If all of these conditions are met, the module reports the vulnerability.
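
The same request shape can be hunted for in web server access logs. The following is an added example, not code from the module or from Vidoc: it base64-decodes the `url` parameter of `job=download` requests to `/do/job.php` and flags decoded paths that fall outside an allowlisted download directory. The `upload_files/` allowlist, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import base64
import re
from urllib.parse import urlsplit, parse_qs

ALLOWED_PREFIXES = ("upload_files/",)  # assumption: the site's legitimate download directory
REQUEST_RE = re.compile(r'^(\S+) .*?"GET (\S+) HTTP/[\d.]+"')

def decode_url_param(value):
    """Base64-decode the url= value; return None if it is not valid base64."""
    value = value.replace(" ", "+")        # parse_qs turns '+' into a space
    value += "=" * (-len(value) % 4)       # restore stripped padding
    try:
        return base64.b64decode(value, validate=True).decode("utf-8", "replace")
    except ValueError:                     # binascii.Error is a ValueError subclass
        return None

def is_suspicious(path):
    """Flag undecodable values, traversal or wildcard characters, and non-allowlisted paths."""
    if path is None or ".." in path or any(c in path for c in '<>*?"\x00'):
        return True
    return not path.startswith(ALLOWED_PREFIXES)

def scan(log_text):
    """Return (client_ip, decoded_path) for each flagged job=download request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        parts = urlsplit(target)
        query = parse_qs(parts.query)
        if not parts.path.endswith("/do/job.php") or query.get("job") != ["download"]:
            continue
        for raw in query.get("url", []):
            decoded = decode_url_param(raw)
            if is_suspicious(decoded):
                hits.append((ip, decoded))
    return hits

LINE = '{} - - [12/Mar/2024:10:00:00 +0000] "GET {} HTTP/1.1" 200 512'
# Constructed log lines; the first carries the url value from the module's request.
SAMPLE_LOG = "\n".join([
    LINE.format("198.51.100.7", "/do/job.php?job=download&url=ZGF0YS9jb25maWcucGg8"),
    LINE.format("203.0.113.9", "/do/job.php?job=download&url="
                + base64.b64encode(b"upload_files/report.zip").decode()),
    LINE.format("203.0.113.9", "/index.php"),
])
```

Calling `scan(SAMPLE_LOG)` flags only the first line, whose parameter decodes to a path outside the allowlist.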