Good Evening Friends. Today we will see how to use the Limesurvey Unauthenticated File Download exploit to download files from the remote web server. For those who don’t know what Limesurvey is, it is a free and open source on-line survey application written in PHP. It lets users develop and publish on-line surveys through a web interface, collect responses, create statistics, and export the resulting data to other applications.
This exploit works on Limesurvey versions 2.0+ and 2.06+ Build 151014. For this howto, I have installed Limesurvey on a web server as shown below.
Given below are the files located in the Limesurvey directory which should not be accessible to anybody. We will try to download the “README” file using the Limesurvey Unauthenticated File Download exploit in Metasploit.
Start Metasploit and load the exploit as shown below. Also set the required options as shown below. The “filepath” option sets which file you want to download. I have chosen the “readme” file as mentioned above. I have set the “traversal_depth” option to zero as the file I want to download is in the current folder. You can set it appropriately.
Check the required options once again. They should be as below.
Type the command “run” and the file will be downloaded as shown below. Happy hacking.