CVEs-PoC/2019/CVE-2019-8389.md at b0e96c877abb080d7cf221c036336480ff266ccf

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-09 06:55:56 +02:00

Files

T

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

A file-read vulnerability was identified in the Wi-Fi transfer feature of Musicloud 1.6. By default, the application runs a transfer service on port 8080, accessible by everyone on the same Wi-Fi network. An attacker can send the POST parameters downfiles and cur-folder (with a crafted ../ payload) to the download.script endpoint. This will create a MusicPlayerArchive.zip archive that is publicly accessible and includes the content of any requested file (such as the /etc/passwd file).

POC

Reference

https://gist.github.com/shawarkhanethicalhacker/b98c5ac7491cf77732c793ecc468f465

Github

https://github.com/0xT11/CVE-POC
https://github.com/geeksniper/reverse-engineering-toolkit
https://github.com/hectorgie/PoC-in-GitHub
https://github.com/shawarkhanethicalhacker/CVE-2019-8389

1.1 KiB Raw Blame History

CVE-2019-8389

Description

POC

Reference

Github

1.1 KiB

Raw Blame History