EXPLOITDB-EDB-42705

EXPLOITDB ruby WORKING POC

Exploit for CVE-2017-20184 - Carlo Gavazzi Powersoft <2.1.1.1 - Path Traversal

AI Analysis

This Metasploit module exploits a directory traversal vulnerability in Carlo Gavazzi Powersoft <= 2.1.1.1 by sending a crafted GET request with traversal sequences to retrieve arbitrary files from the server. It authenticates using basic credentials and stores the retrieved file as loot.

Attack Type

info_leak

Complexity

trivial

Reliability

reliable

MITRE ATT&CK

T1006 - Direct Volume Access T1083 - File and Directory Discovery

Loading exploit code...

Download ZIP Password: eip

Source

Platform Exploitdb

Type webapps

Platform windows

Language ruby

Files 1

https://www.exploit-db.com/exploits/42705

Authors

James Fitts

Vulnerability

CVE-2017-20184

Carlo Gavazzi Powersoft <2.1.1.1 - Path Traversal

HIGH

CVSS 7.5