CVE-2024-28987 PoC — SolarWinds Web Help Desk 信任管理问题漏洞

Source

Associated Vulnerability

Description

Proof of Concept Exploit for CVE-2024-28987: SolarWinds Web Help Desk Hardcoded Credential Vulnerability

Readme

# CVE-2024-28987
Proof of Concept Exploit for CVE-2024-28987: SolarWinds Web Help Desk Hardcoded Credential Vulnerability


# Overview
- Extracts up to 25 most recent tickets (API limitation)
- Retrieves full details for each ticket
- Analyzes ticket IDs to estimate total tickets in system
- Organizes output in a structured directory format

## Reasoning
This builds on other exploits for this vuln. Other exploits (like MSFconsole) would trunkate output, and I wanted to see the entirety of ALL tickets.

# Usage
``` bash
python3 solar_exploit.py -u https://target.com [-o output_directory] [-d delay_seconds]
```

# Legal Disclaimer
This tool is provided for EDUCATIONAL PURPOSES ONLY. The author accepts no liability for any misuse of this software. Users must:

Only use against systems they own or have explicit written permission to test
Follow all applicable laws and regulations
Understand that unauthorized access to computer systems is illegal

By using this tool, you take full responsibility for your actions. The author cannot be held responsible for any damages resulting from its use.

File Snapshot

 [4.0K]  /data/pocs/7ce412c55f7c1e6e078fb24ffe599f27c1680231
├── [5.4K]  cve-2024-28987.py
├── [1.0K]  LICENSE
└── [1.1K]  README.md

0 directories, 3 files

Remarks