CVE-2024-28995 PoC — SolarWinds Serv-U 路径遍历漏洞

Source

https://github.com/ggfzx/CVE-2024-28995

Associated Vulnerability

Title:SolarWinds Serv-U 路径遍历漏洞 (CVE-2024-28995)
Description:SolarWinds Serv-U File Server是美国SolarWinds公司的一款文件传输服务器。 SolarWinds Serv-U存在路径遍历漏洞，该漏洞源于容易受到目录横向的影响，允许访问读取主机上的敏感文件。

Readme

# CVE-2024-28995

### 声明

**本工具仅用于个人安全研究学习。由于传播、利用本工具而造成的任何直接或者间接的后果及损失，均由使用者本人负责，工具作者不为此承担任何责任。**

------

version = 15.4

------

NAME:
   Serv-U - 任意文件读取

USAGE:
    [global options] command [command options] [arguments...]

COMMANDS:
   help, h  Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --target_url url, -u url     读取单个目标的url
   
   --target_file File, -f File  从File读取批量读取URL
   
   --output File, -o File       扫描结果输出到File (default: "success.txt")
   
   --proxy url, -p url          代理的url地址
   
   --thread 数量, -t 数量           批量扫描时的线程数量 (default: 20)
   
   --help, -h                   show help
------

### 截图
![image](https://github.com/ggfzx/CVE-2024-28995/assets/86279656/27ab5ee1-8642-4c28-8c05-a160f4057b1f)

File Snapshot


 [4.0K]  /data/pocs/089aef95d8b6eddcda0d5cd6322ae40f8e5995b2
└── [ 989]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!