CVE-2022-32199 PoC — ScriptCase 路径遍历漏洞

Source

https://github.com/Toxich4/CVE-2022-32199

Associated Vulnerability

Title:ScriptCase 路径遍历漏洞 (CVE-2022-32199)
Description:NETMAKE SOLUÇÕES EM INFORMÁTICA LTDA ScriptCase是NETMAKE SOLUÇÕES EM INFORMÁTICA LTDA公司的一款专业高效的PHP快速代码生成及开发工具。 ScriptCase 9.9.008版本及之前版本存在安全漏洞，该漏洞源于存在目录遍历漏洞。攻击者利用该漏洞可以删除任意文件。

Readme

# CVE-2022-32199
ScriptCase <= 9.9.008 is vulnerable to
Arbitrary File Deletion by an admin
via a directory traversal sequence in the file parameter

How to use:
> python CVE-2022-32199.py -t 127.0.0.1 -u admin -p admin -path windows/win.ini



Example of deleting file in the root directory

![Image alt](https://github.com/Toxich4/CVE-2022-32199/blob/main/src/PoC.gif)

File Snapshot


 [4.0K]  /data/pocs/ec0061df494ffaf375b86010068951bb5d5162f5
├── [3.2K]  CVE-2022-32199.py
├── [ 371]  README.md
└── [4.0K]  src
    ├── [ 50K]  1.png
    ├── [584K]  2.mp4
    ├── [184K]  PoC.gif
    └── [  50]  Readme.md

1 directory, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!