Posted on Leave a comment

Limesurvey Unauthenticated File Download exploit

Good Evening Friends. Today we will see how to use Limesurvey Unauthenticated File Download exploit to download files from the remote web server. To those who don’t know what Limesurvey is, it is is a free and open source on-line survey application written in PHP. It enables users using a web interface to develop and publish on-line surveys, collect responses, create statistics, and export the resulting data to other applications.

This exploit works on Limesurvey versions 2.0+ and 2.06+ Build 151014.  For this howto, I have installed Limesurvey on  a web server as shown below.

Here’s a video version. The textual version is below the video. Please scroll down.

For this howto, I have installed Limesurvey on  a web server as shown below.

limesurvey1

Given below are the files located in the Limesurvey directory which should not be accessible to anybody. We will try to download the “README” file using the Limesurvey Unauthenticated File Download exploit in Metasploit.

limesurvey2

Start Metasploit and load the exploit as shown below. Set the required options also as shown below. The “filepath” option is to set what file you want to download. I have chosen “readme” file as mentioned above. I have set the “traversal_depth” option to zero as the file I want to download is in the current folder only. You can set appropriately.

limesurvey3

Once again check the required options. It should be as below.

limesurvey4

Type command “run” and the file will be downloaded as shown below.  Happy hacking.

limesurvey5

 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.