ONLYOFFICE Path Traversal Exploit (CVE-2023-46988) 📌 Overview This script exploits a path traversal vulnerability in ONLYOFFICE Document Server (CVE-2023-46988) that allows unauthorized users to copy arbitrary files from the server. The vulnerability exists in the /example/editor endpoint, where the fileExt parameter can be manipulated to access sensitive system and configuration files. ⚠️ Disclaimer This tool is for educational and authorized security research purposes only. Unauthorized use against systems without explicit permission is illegal and unethical. 🛠 Features Retrieve default sensitive files: /etc/passwd /etc/onlyoffice/documentserver/local.json (contains database credentials & JWT secrets) Specify any file path to retrieve with the –file argument. Supports optional proxying for Burp Suite interception (–proxy). Supports optional SSL verification (–verify). Fixes encoding issues when downloading files with special characters. 🚀 Usage 1️⃣ Basic Usage (Retrieve Default Files) bash python onlyoffice_exploit.py https://localhost This retrieves: – /etc/passwd – /etc/onlyoffice/documentserver/local.json 2️⃣ Retrieve a Custom File (e.g., /etc/hosts) bash python onlyoffice_exploit.py https://localhost –file /etc/hosts 3️⃣ Enable Proxy (e.g., Burp Suite on 127.0.0.1:8080) bash python onlyoffice_exploit.py https://localhost –proxy bash python onlyoffice_exploit.py https://localhost –proxy https://127.0.0.1:8080 4️⃣ Enable SSL Verification bash python…Read More