CVE-2019-17662 PoC — ThinVNC 路径遍历漏洞

Source

https://github.com/bl4ck574r/CVE-2019-17662

Associated Vulnerability

Title:ThinVNC 路径遍历漏洞 (CVE-2019-17662)
Description:ThinVNC是一款基于HTML5和AJAX的远程桌面实现。 ThinVNC 1.0b1版本中存在路径遍历漏洞。攻击者可利用该漏洞读取任意文件，进而入侵VNC服务器。

Readme

# CVE-2019-17662

Modified the CVE code 

Used [Prepared Requests](https://requests.readthedocs.io/en/latest/api/#requests.PreparedRequest), as in python3 requests module normalize the `../` in URL such as:<br>
For code:
```python
r = requests.get("http://123.123.123.123/../../../../../../test")
print(str(r.status_code))
```
Results in:
```http
GET /test HTTP/1.1
Host: 123.123.123.123
Connection: close
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: python-requests/2.22.0
```
---
Original Exploit:<br>
https://www.exploit-db.com/exploits/47519

File Snapshot


 [4.0K]  /data/pocs/58b14d91591a823d6d49a22fd2a8fe2a99e72528
├── [ 719]  CVE-2019-17662.py
└── [ 556]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!