来源

关联漏洞

介绍

# CVE-2024-24919 Exploit

**CVE Identifier:** CVE-2024-24919
**Vulnerability Type:** Local File Inclusion (LFI)
**Severity:** High
**CVSS Score:** 7.5 (High)

# Overview:
CVE-2024-24919 is a Local File Inclusion (LFI) vulnerability present in certain web applications.
This vulnerability allows an attacker to read files from the server by manipulating the file path input parameter. 
By exploiting this flaw, an attacker can gain access to sensitive files on the server, such as configuration files, password files, and other critical data, leading to information disclosure and potential further compromise.

# Affected Software:
Check Point SSL Network Extender

# Queries to find vulnrable hosts
1. Shodan
   "Server: Check Point SVN"
2. fofa
   title=="Check Point SSL Network Extender"

# Usage
intall exploit
`git clone https://github.com/gurudattch/CVE-2024-24919`

install requirements
`pip install -r requirments.txt`

Check a Single URL
To check a single URL for the vulnerability:

`python cve-2024-24919.py -u "http://example.com" -d "/etc/passwd"`

Check Multiple URLs from a File

`python cve-2024-24919.py -f "urls.txt" -d "/etc/passwd"`

Arguments
```
   options:
  -h, --help            show this help message and exit
  -u URL, --url URL     Single URL to check for vulnerability
  -f FILE, --file FILE  File containing multiple URLs to check
  -d DATA, --data DATA  Data to send in the request (eg. /etc/passwd)
  -r {y,n}, --response {y,n} Print Response Or Not
                        

```

# Disclaimer

This script is intended for educational purposes and should only be used to test systems you own or have permission to test. Unauthorized use of this script against systems without permission is illegal.

文件快照

 [4.0K]  /data/pocs/4cfe5dff6e3096e4dca82164ba49c6a50d461140
├── [3.2K]  cve-2024-24919.py
├── [1.7K]  README.md
└── [  69]  requirements.txt

0 directories, 3 files

备注