CVE-2024-4040 PoC — CrushFTP 代码注入漏洞

Source

Associated Vulnerability

Description

Exploit CrushFTP CVE-2024-4040

Readme

# Exploit Code for CVE-2024-4040
## Overview
This exploit code targets the CVE-2024-4040 vulnerability, allowing unauthorized access to user accounts by reading and validating tokens stored in the "sessions.obj" file. If the tokens are valid, hackers can gain entry to the targeted accounts. Unlike other methods exploiting similar vulnerabilities such as CVE-2023-43177, this script does not include the backdoor JAR creation and upload functionality (you can develop this part for your self).

![screenshot](https://github.com/Mohammaddvd/CVE-2024-4040/assets/108727157/200bc0e5-9e95-4b6b-8ba2-247cbc6702f2)


## Example
python3 exploit.py -u http://127.0.0.1:8080/

## Disclaimer
This exploit code is provided for educational and testing purposes only. Misuse of this code to gain unauthorized access to systems or accounts is illegal and unethical. Use at your own risk.

## Vulnerability Information
CVE ID: CVE-2024-4040
Description: A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.

## Credits
This exploit code was written by Md7.

File Snapshot

 [4.0K]  /data/pocs/ee6d5e185158e3b4cc62c9015d687654e661c2f1
├── [3.4K]  CVE-2024-4040.py
├── [1.3K]  README.md
└── [126K]  screenshot.PNG

0 directories, 3 files

Remarks