H2 database 1.4.197 information disclosure Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2018-07-30 |
Type : webapps |
Platform : linux
This exploit / vulnerability H2 database 1.4.197 information disclosure is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: H2 Database 1.4.197 - Information Disclosure
# Date: 2018-07-16
# Exploit Author: owodelta
# Vendor Homepage: www.h2database.com
# Software Link: http://www.h2database.com/html/download.html
# Version: all versions
# Tested on: Linux
# CVE : CVE-2018-14335
# Description: Insecure handling of permissions in the backup function allows
# attackers to read sensitive files (outside of their permissions) via a
# symlink to a fake database file.
# PS, thanks to HTB and our team FallenAngels
#!/usr/bin/python
import requests
import argparse
import os
import random