Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Qibocms - Arbitrary File Download

By kannthu

Vidoc logoVidoc Module

What is the "Qibocms - Arbitrary File Download?" module?

The "Qibocms - Arbitrary File Download" module is a test case designed to detect a specific vulnerability in the Qibocms software. This vulnerability allows an attacker to download arbitrary files from the server. The severity of this vulnerability is classified as high.

This module was authored by theabhinavgaur.


If successfully exploited, the Qibocms arbitrary file download vulnerability can lead to unauthorized access to sensitive files on the server. This can potentially expose confidential information, compromise the integrity of the system, and enable further attacks.

How does the module work?

The module sends an HTTP GET request to the "/do/job.php?job=download&url=ZGF0YS9jb25maWcucGg8" endpoint of the target Qibocms application. It then applies several matching conditions to determine if the vulnerability is present:

- The response body must contain the strings "If all of these conditions are met, the module reports the vulnerability.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
word: <?php, $webdband
word: filename=configand
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability