CVE-2020-25068 PoC — Setelsa Conacwin 路径遍历漏洞

Source

https://github.com/bryanroma/CVE-2020-25068

Associated Vulnerability

Title:Setelsa Conacwin 路径遍历漏洞 (CVE-2020-25068)
Description:Setelsa Conacwin v3.7.1.2版本存在路径遍历漏洞，该漏洞允许未经身份验证的远程攻击者可利用该漏洞通过http:IP:PORT/../../path/file_to_disclose读取服务器上的内部文件公开目录遍历URI的路径文件。

Description

Python script to exploit CVE-2020-25068.

Readme

# CVE-2020-25068

Python exploit for Conacwin v3.7.1.2.

Setelsa Conacwin v3.7.1.2 is vulnerable to a local file inclusion vulnerability. This vulnerability allows a remote unauthenticated attacker to read internal files on the server via an http:IP:PORT/../../path/file_to_disclose Directory Traversal URI


More references/info can be found at:  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25068

File Snapshot


 [4.0K]  /data/pocs/b8b02f8002b4ea73084043815cb1b5bf98f7f30c
├── [ 718]  exploit.py
├── [ 34K]  LICENSE
└── [ 410]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!