## https://sploitus.com/exploit?id=FDB92D75-FF11-58BD-A108-23226F6AC63E
# CVE-2024-46987: Automated Path Traversal



## ๐ Overview
This repository contains a Python-based Proof of Concept (PoC) for **CVE-2024-46987**. This vulnerability is a Path Traversal flaw found in file download modules of certain CMS environments (notably Camaleon CMS Version 2.9.0)
The script automates the retrieval of sensitive system files (like `/etc/passwd` or SSH private keys) by bypassing standard path normalization.
---
## ๐ ๏ธ Technical Details
The vulnerability exists because the application accepts a `file` parameter and appends it to a directory string without sufficient sanitization.
This PoC uses the `requests.Session` object and **Prepared Requests** to ensure that traversal sequences (`../../`) are sent "as-is" to the server. This prevents the Python library from locally resolving the path, which is a common hurdle when automating directory traversal exploits.
---
## ๐ฆ Usage Instructions
### 1. Prerequisites
This is a **post-authentication** vulnerability. You must have:
* Valid credentials for the target admin panel.
* An active session cookie.
### 2. Capture Authentication Data
1. Log in to the target application (`http://url/admin/login`).
2. Open your browser's **Developer Tools** (F12) -> **Network Tab**.
3. Locate a request to the `/admin` path and copy the following from the **Cookie** header:
- `auth_token`
- `_session`
### 3. Configuration
Clone the repository and update the `COOKIES` dictionary in `exploit.py`:
```python
COOKIES = {
'auth_token': 'YOUR_TOKEN_HERE',
'session': 'YOUR_SESSION_HERE'
}