CVE-2024-28995 PoC — SolarWinds Serv-U 路径遍历漏洞

Source

https://github.com/gotr00t0day/CVE-2024-28995

Associated Vulnerability

Title:SolarWinds Serv-U 路径遍历漏洞 (CVE-2024-28995)
Description:SolarWinds Serv-U File Server是美国SolarWinds公司的一款文件传输服务器。 SolarWinds Serv-U存在路径遍历漏洞，该漏洞源于容易受到目录横向的影响，允许访问读取主机上的敏感文件。

Description

SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.

Readme

# CVE-2024-28995
SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine. 

## INSTALL

git clone https://github.com/gotr00t0day/CVE-2024-28995.git

cd CVE-2024-28995

pip3 install -r requirements.txt

## USAGE

Scan a single target
```
python3 CVE-2024-28995.py -t domain.com
```

Scan a list of domains
```
python3 CVE-2024-28995.py -f domains.txt
```

## ANALYSIS

https://attackerkb.com/topics/2k7UrkHyl3/cve-2024-28995/rapid7-analysis

File Snapshot


 [4.0K]  /data/pocs/ddbede125816f64598196f4acabef43da8ac3658
├── [2.9K]  CVE-2024-28995.py
├── [ 527]  README.md
└── [  26]  requirements.txt

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!