Share
## https://sploitus.com/exploit?id=FDB92D75-FF11-58BD-A108-23226F6AC63E
# CVE-2024-46987: Automated Path Traversal

![Vulnerability Type](https://img.shields.io/badge/Vulnerability-Path%20Traversal-red)
![CVE](https://img.shields.io/badge/CVE-2024--46987-orange)
![Python Version](https://img.shields.io/badge/Python-3.x-blue)

## ๐Ÿ“– Overview
This repository contains a Python-based Proof of Concept (PoC) for **CVE-2024-46987**. This vulnerability is a Path Traversal flaw found in file download modules of certain CMS environments (notably Camaleon CMS Version 2.9.0) 

The script automates the retrieval of sensitive system files (like `/etc/passwd` or SSH private keys) by bypassing standard path normalization.



---

## ๐Ÿ› ๏ธ Technical Details
The vulnerability exists because the application accepts a `file` parameter and appends it to a directory string without sufficient sanitization. 

This PoC uses the `requests.Session` object and **Prepared Requests** to ensure that traversal sequences (`../../`) are sent "as-is" to the server. This prevents the Python library from locally resolving the path, which is a common hurdle when automating directory traversal exploits.

---

## ๐Ÿšฆ Usage Instructions

### 1. Prerequisites
This is a **post-authentication** vulnerability. You must have:
* Valid credentials for the target admin panel.
* An active session cookie.

### 2. Capture Authentication Data
1. Log in to the target application (`http://url/admin/login`).
2. Open your browser's **Developer Tools** (F12) -> **Network Tab**.
3. Locate a request to the `/admin` path and copy the following from the **Cookie** header:
   - `auth_token`
   - `_session`

### 3. Configuration
Clone the repository and update the `COOKIES` dictionary in `exploit.py`:

```python
COOKIES = {
    'auth_token': 'YOUR_TOKEN_HERE',
    'session': 'YOUR_SESSION_HERE'
}