CVE-2024-7928 PoC — FastAdmin Path Traversal Vulnerability

Source
Associated Vulnerability
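Title: FastAdmin Path Traversal Vulnerability (CVE-2024-7928)
Description: FastAdmin is a website back-end development framework based on ThinkPHP and Bootstrap, developed by the individual developer Karson. Versions of FastAdmin before 1.3.4.20220530 contain a path traversal vulnerability, which stems from an arbitrary file read flaw; an attacker can exploit it to obtain sensitive system information.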
Description
CVE-2024-7928: FastAdmin < V1.3.4.20220530 Arbitrary File Reading Vulnerability
Readme
# CVE-2024-7928: FastAdmin < V1.3.4.20220530 Arbitrary File Reading Vulnerability
CVEHunter is a tool that detects CVE-2024-7928 and exploits it to retrieve DB details from FastAdmin instances, with better accuracy and asynchronous concurrency than other PoCs.

<h1 align="center">
  <img src="https://github.com/user-attachments/assets/ab1e9697-d78b-47d9-aff7-279394b90ea4" width="2000px">
  <br>
</h1>


### Installation

```bash
git clone https://github.com/th3gokul/CVE-2024-7928.git
cd CVE-2024-7928
pip install -r requirements.txt
python3 cvehunter.py --help
```
### Usage
```bash
┌──(root㉿th3gokul)-[CVE-2024-7928]
└─# python3 cvehunter.py -h

 ▄████▄ ██▒   █▓▓█████  ██░ ██  █    ██  ███▄    █ ▄▄▄█████▓▓█████  ██▀███  
▒██▀ ▀█▓██░   █▒▓█   ▀ ▓██░ ██▒ ██  ▓██▒ ██ ▀█   █ ▓  ██▒ ▓▒▓█   ▀ ▓██ ▒ ██▒
▒▓█    ▄▓██  █▒░▒███   ▒██▀▀██░▓██  ▒██░▓██  ▀█ ██▒▒ ▓██░ ▒░▒███   ▓██ ░▄█ ▒
▒▓▓▄ ▄██▒▒██ █░░▒▓█  ▄ ░▓█ ░██ ▓▓█  ░██░▓██▒  ▐▌██▒░ ▓██▓ ░ ▒▓█  ▄ ▒██▀▀█▄  
▒ ▓███▀ ░ ▒▀█░  ░▒████▒░▓█▒░██▓▒▒█████▓ ▒██░   ▓██░  ▒██▒ ░ ░▒████▒░██▓ ▒██▒
░ ░▒ ▒  ░ ░ ▐░  ░░ ▒░ ░ ▒ ░░▒░▒░▒▓▒ ▒ ▒ ░ ▒░   ▒ ▒   ▒ ░░   ░░ ▒░ ░░ ▒▓ ░▒▓░
  ░  ▒    ░ ░░   ░ ░  ░ ▒ ░▒░ ░░░▒░ ░ ░ ░ ░░   ░ ▒░    ░     ░ ░  ░  ░▒ ░ ▒░
░           ░░     ░    ░  ░░ ░ ░░░ ░ ░    ░   ░ ░   ░         ░     ░░   ░ 
░ ░          ░     ░  ░ ░  ░  ░   ░              ░             ░  ░   ░     
░           ░                                                               
    CVE-2024-7928                      @th3gokul

[Description]: Vulnerability Detection and Exploitation tool for CVE-2024-7928

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     [INF]: Specify a URL or domain for vulnerability detection
  -l LIST, --list LIST  [INF]: Specify a list of URLs for vulnerability detection
  -t THREADS, --threads THREADS
                        [INF]: Number of threads for list of URLs
  -proxy PROXY, --proxy PROXY
                        [INF]: Proxy URL to send request via your proxy
  -v, --verbose         [INF]: Increases verbosity of output in console
  -o OUTPUT, --output OUTPUT
                        [INF]: Filename to save output of vulnerable target

```
### About
The tool was developed by th3Gokul to detect CVE-2024-7928 and exploit it to retrieve DB details from FastAdmin instances.

### Disclaimer
The 🔨 tool is for educational and ethical purposes only, and the developers are not responsible for any illegal exploitation.
File Snapshot

```
[4.0K] /data/pocs/7cb1f6da86973f5770f0e935835915da92071b09
├── [8.0K] cvehunter.py
├── [3.2K] README.md
└── [ 104] requirements.txt

0 directories, 3 files
```