This is a POC for a vulnerability in the software "will insert when released". The vulnerability exists due to a publicly hosted http server on the computers running a service installed by the software.

At this time the company has not responded to the vulnerability and due to the fact that they have not in prior vulnerabilities then I assume they will not.

Script needs to be configured before run with the ip address( or hostname but I do not think thats applicable) of the vulnerable endpoint. Once run it will download the files that are listed in the path list. The path list is not exhaustive, feel free to try other windows paths with the '%5C' path seperator. I have not fully tested the limits of this, there could easily be RCE implications I have not exhausted as well.

For 'conversion_dt.py' This Python script takes a Windows file path and removes the '' and replaces it with %5C. It was written for just this spessific task but I will likely add to it when different traversals become needed.

To run: use command "python conversion_dt.py" and it will then ask for the string to convert.