CVE-2024-40422 PoC — Devika 安全漏洞

Source

https://github.com/j3r1ch0123/CVE-2024-40422

Associated Vulnerability

Title:Devika 安全漏洞 (CVE-2024-40422)
Description:Devika是stition开源的一个高级 AI 软件工程师。可以理解高级人类指令，将它们分解为步骤，研究相关信息，并编写代码以实现给定的目标。 Devika v1版本存在安全漏洞，该漏洞源于容易受到路径穿越攻击，导致攻击者可以操纵snapshot_path参数来遍历目录和访问服务器上的敏感文件。

Description

Found this on exploit-db, decided to make my own for practice. This exploit will search out the passwd file and print the contents on a vulnerable system.

Readme

# CVE-2024-40422
Found this on exploit-db, decided to make my own for practice. This exploit will search out the passwd file and print the contents on a vulnerable system.

pip install requests

You can read more on the vulnerability here:
https://medium.com/aardvark-infinity/cve-2024-40422-path-traversal-vulnerability-in-stitionai-devika-81cbf45718f3

File Snapshot


 [4.0K]  /data/pocs/154feb93203331ba2323052ba9f3723bbbda95aa
├── [1.1K]  exploit.py
└── [ 354]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!