漏洞平台

POC详情： cadf89516d62090248b53975ada860cd150a59d1

来源

https://github.com/bigb0x/CVE-2024-28995

关联漏洞

标题： SolarWinds Serv-U 路径遍历漏洞 (CVE-2024-28995)
描述：SolarWinds Serv-U File Server是美国SolarWinds公司的一款文件传输服务器。 SolarWinds Serv-U存在路径遍历漏洞，该漏洞源于容易受到目录横向的影响，允许访问读取主机上的敏感文件。

描述

CVE-2024-28995 POC Vulnerability Scanner

介绍

# CVE-2024-28995 PoC and Bulk Scanner

## Overview

This repository contains a proof-of-concept (PoC) and a bulk scanner for the SolarWinds Serv-U CVE-2024-28995 directory traversal vulnerability. This vulnerability allows unauthorized access to read sensitive files on the host machine. The vulnerability was discovered and reported by Hussein Daher.

![Banner](screenshots/screen.png)

## Features

- **Single Target Scan**: Scan a single URL for the CVE-2024-28995 vulnerability.
- **Bulk Scan**: Scan multiple URLs from a file for the CVE-2024-28995 vulnerability.
- **Multi-threading**: Utilizes multi-threading to scan multiple targets concurrently.
- **Multiple payloads**: The script checks for two payloads for CVE-2024-28995 vulnerability.

## How to Use

### Single Target Scan

To scan a single target IP:
```sh
python cve-2024-28995.py -ip IP
```

### Bulk Target Scan
To mass scan bulk targets IPs:
```sh
python cve-2024-28995.py -f targets.txt
```

### Example Output
To scan a single target URL:
```sh
[01:55:10][INFO] Vulnerable Windows Device: https://IP
```

## Installation

### Minimum Requirements

- Python 3.6 or higher
- `requests` library

### Installing The Script

```sh
git clone https://github.com/bigb0x/CVE-2024-28995.git cve-2024-28995; cd cve-2024-28995
```

### Installing Required Packages

Install the required packages using pip:

```sh
pip install requests
```

## Author

This tool was created by [M Ali](https://x.com/MohamedNab1l). More details can be found in this [post](https://www.thehackerwire.com/testing-and-exploiting-solarwinds-serv-u-cve-2024-28995-vulnerability)

## License

This project is licensed under the MIT License.

## Disclaimer

This provided tool is for educational purposes only. I do not encourage, condone, or support unauthorized access to any system or network. Use this tool responsibly and only on systems you have explicit permission to test. Any actions and consequences resulting from misuse of this tool are your own responsibility.

## References
-  https://nvd.nist.gov/vuln/detail/CVE-2024-28995
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28995

文件快照


 [4.0K]  /data/pocs/cadf89516d62090248b53975ada860cd150a59d1
├── [7.1K]  CVE-2024-28995.py
├── [2.2K]  README.md
└── [4.0K]  screenshots
    └── [ 51K]  screen.png

1 directory, 3 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。