CVE-2024-4040 PoC: CrushFTP Code Injection Vulnerability

Source
Associated Vulnerability
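Title: CrushFTP Code Injection Vulnerability (CVE-2024-4040)
Description: CrushFTP is a file transfer server. CrushFTP versions before 10.7.1 and 11.1.0 contain a security vulnerability that allows low-privileged remote attackers to read files from the file system outside the VFS sandbox.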
Description
Scanner for CVE-2024-4040
Readme
# CVE-2024-4040 - exploit scanners

This repository contains files related to [CVE-2024-4040](https://nvd.nist.gov/vuln/detail/CVE-2024-4040) (CrushFTP VFS escape).

## scan_host.py

This script attempts to use the vulnerability to read files outside the sandbox. If it succeeds, the script writes `Vulnerable` to standard output and returns with exit code 1. If exploiting the vulnerability does not succeed, the script writes `Not vulnerable` and exits with status code 0.

The script depends on the [`requests`](https://requests.readthedocs.io/en/latest/) library.

## scan_logs.py

This script looks for indicators of compromise in a CrushFTP server installation directory. It is basically equivalent to running the following command:

```
$ grep -F -r '<INCLUDE>' /path/to/CrushFTP/logs/
```

For each match, it will attempt to extract the IP which tried to exploit the server.
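The check described above, written out as an added example (this is not the repository's `scan_logs.py`). The log layout in `SAMPLE_LOG` is constructed, and treating the first valid IPv4 address on a matching line as the source is an assumption.

```python
import ipaddress
import re
from collections import Counter

MARKER = "<INCLUDE>"  # literal string the README greps for
# Candidate IPv4 tokens; validated below so "999.300.1.1" is not reported.
IPV4_TOKEN = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d)")

# Constructed sample lines. The layout is an assumption for illustration,
# not the real CrushFTP log format.
SAMPLE_LOG = """\
2024-04-20 10:01:12|[HTTP:anonymous:203.0.113.7] GET /placeholder
2024-04-20 10:01:13|[HTTP:anonymous:203.0.113.7] POST /placeholder body=<INCLUDE>placeholder
2024-04-20 10:02:40|[HTTP:alice:198.51.100.23] GET /placeholder
2024-04-20 10:05:02|[HTTP:anonymous:203.0.113.7] POST /placeholder body=<INCLUDE>placeholder
2024-04-20 10:06:18|[HTTP:anonymous:999.300.1.1] POST /placeholder body=<INCLUDE>placeholder
2024-04-20 10:07:55|[HTTP:bob:192.0.2.44] POST /placeholder body=<include>placeholder
"""


def extract_ips(line):
    """Return the valid IPv4 addresses found in one line, in order."""
    found = []
    for token in IPV4_TOKEN.findall(line):
        try:
            found.append(str(ipaddress.IPv4Address(token)))
        except ipaddress.AddressValueError:
            continue  # shaped like an IP but not a valid address
    return found


def scan_lines(lines):
    """Count marker hits per source IP; hits with no valid IP go under None."""
    hits = Counter()
    for line in lines:
        if MARKER not in line:  # fixed-string, case-sensitive, like grep -F
            continue
        ips = extract_ips(line)
        # Assumption: the first valid address on the line is the client.
        hits[ips[0] if ips else None] += 1
    return hits


if __name__ == "__main__":
    for ip, count in scan_lines(SAMPLE_LOG.splitlines()).most_common():
        print(f"{ip or 'unknown source'}: {count} matching line(s)")
```

Like `grep -F`, the match is case-sensitive, so the lowercase `<include>` line in the sample is not counted; matching lines without a parseable address are kept under `None` so they still get reviewed.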
File Snapshot

[4.0K] /data/pocs/22a7e5752ecedfa26e4b139bd2053118a81b09a4
├── [ 883] README.md
├── [2.4K] scan_host.py
├── [1.4K] scan_logs.ps1
└── [1.3K] scan_logs.py

0 directories, 4 files