CVE-2024-7928 PoC — FastAdmin 路径遍历漏洞

Source

https://github.com/fa-rrel/CVE-2024-7928

Associated Vulnerability

Title:FastAdmin 路径遍历漏洞 (CVE-2024-7928)
Description:FastAdmin是Karson个人开发者的一套基于ThinkPHP和Bootstrap的网站后台开发框架。 FastAdmin 1.3.4.20220530之前版本存在路径遍历漏洞，该漏洞源于存在任意文件读取漏洞，攻击者利用此漏洞可以获取系统敏感信息。

Description

CVE-2024-7928 fastadmin vulnerability POC & Scanning

Readme

# CVE-2024-7928
POC for CVE-2024-7928. Will attempt to retrieve DB details for FastAdmin instances.
![Banner](screen.jpg)

## How to Use
FOFA : app="FASTADMIN"

### Install the script requirements:
```sh
pip install -r requirements.txt
```

### Single Target:
```sh
python CVE-2024-7928.py -u https://target:9090
```

### Bulk Sscan:
```sh
python CVE-2024-7928.py -f file.txt
```

## Disclaimer
#WARNING!!!
This tool is provided for educational and research purposes only. The creator assumes no responsibility for any misuse or damage caused by the tool. 

## References

- https://nvd.nist.gov/vuln/detail/CVE-2024-7928
- https://vuldb.com/?id.275114
- https://wiki.shikangsi.com/post/share/da0292b8-0f92-4e6e-bdb7-73f47b901acd
- https://github.com/bigb0x/CVE-2024-7928/

File Snapshot


 [4.0K]  /data/pocs/fc63914f6055ac11fa86d2c71ebb1755608547bf
├── [6.0K]  CVE-2024-7928.py
├── [ 773]  README.md
├── [  17]  requirements.txt
└── [831K]  screen.jpg

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!