Related vulnerability
Title: FastAdmin path traversal vulnerability (CVE-2024-7928)
Description: FastAdmin is a website back-end development framework based on ThinkPHP and Bootstrap, written by the individual developer Karson. FastAdmin versions before 1.3.4.20220530 contain a path traversal vulnerability; the flaw stems from an arbitrary file read vulnerability, which an attacker can exploit to obtain sensitive system information.
Description
CVE-2024-7928: FastAdmin < V1.3.4.20220530 Arbitrary File Reading Vulnerability
Introduction
# CVE-2024-7928: FastAdmin < V1.3.4.20220530 Arbitrary File Reading Vulnerability
CVEHunter is a tool that detects CVE-2024-7928 in FastAdmin instances and exploits it to retrieve DB details, with better accuracy and asynchronous concurrency than other PoCs.
<h1 align="center">
<img src="https://github.com/user-attachments/assets/ab1e9697-d78b-47d9-aff7-279394b90ea4" width="2000px">
<br>
</h1>
### Installation
```bash
git clone https://github.com/th3gokul/CVE-2024-7928.git
cd CVE-2024-7928
pip install -r requirements.txt
python3 cvehunter.py --help
```
### Usage
```bash
┌──(root㉿th3gokul)-[CVE-2024-7928]
└─# python3 cvehunter.py -h
CVE-2024-7928 @th3gokul
[Description]: Vulnerability Detection and Exploitation tool for CVE-2024-7928

options:
  -h, --help                  show this help message and exit
  -u URL, --url URL           [INF]: Specify a URL or domain for vulnerability detection
  -l LIST, --list LIST        [INF]: Specify a list of URLs for vulnerability detection
  -t THREADS, --threads THREADS
                              [INF]: Number of threads for list of URLs
  -proxy PROXY, --proxy PROXY
                              [INF]: Proxy URL to send request via your proxy
  -v, --verbose               [INF]: Increases verbosity of output in console
  -o OUTPUT, --output OUTPUT
                              [INF]: Filename to save output of vulnerable target
```
### About
The tool was developed by th3Gokul to detect CVE-2024-7928 in FastAdmin instances and exploit it to retrieve DB details.
### Disclaimer
The 🔨 tool is for educational and ethical purposes only; the developers are not responsible for any illegal exploitation.
File snapshot
```
[4.0K] /data/pocs/7cb1f6da86973f5770f0e935835915da92071b09
├── [8.0K] cvehunter.py
├── [3.2K] README.md
└── [ 104] requirements.txt
0 directories, 3 files
```
Notes
1. We recommend accessing the PoC through its original source first.
2. If the source has disappeared or cannot be reached, send an email to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for or donating to the local POC. Thank you for your support.