CVE-2019-17662 PoC — ThinVNC 路径遍历漏洞

Source

https://github.com/MuirlandOracle/CVE-2019-17662

Associated Vulnerability

Title:ThinVNC 路径遍历漏洞 (CVE-2019-17662)
Description:ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector.

Description

Exploit code for CVE-2019-17662

Readme

# CVE-2019-17662
## Python implementation of CVE-2019-17662 TinyVNC Arbitrary File Read leading to Authentication Bypass Exploit
### Based on the original EDB PoC by Nikhith Tumamlapalli ([EDB ID: 47519](https://www.exploit-db.com/exploits/47519))

Original PoC exploit does not work due to path normalisation in the Python Requests library. The code in this repository fixes and improves the original exploit.

Exploit is mostly automatic. See `./CVE-2019-17662.py --help` for full range of switches

**Warning:** The code in this repository may be used for academic/ethical purposes only. The author does not condone the use of this exploit for any other purposes -- it may only be used against systems which you own, or have been granted access to test.

File Snapshot


 [4.0K]  /data/pocs/8f2cc37451ad92a4458a6bddfe6e665ccf321378
├── [4.6K]  CVE-2019-17662.py
└── [ 757]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!