Skip to content
/ CVE-2024-28987 Public

CVE-2024-28987 Scanner & Exploiter - SolarWinds Web Help Desk

License

MIT license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

PlayerFridei/CVE-2024-28987

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
.gitattributes
.gitattributes
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 
exploit.py
exploit.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

CVE-2024-28987 Exploit & Scanner

A Python-based exploit and scanner for the CVE-2024-28987 vulnerability affecting SolarWinds Web Help Desk. This tool enables security researchers to identify and interact with vulnerable endpoints and explore various potential vectors in the Web Help Desk system.

Features

  • Vulnerability Detection: Test if the target is vulnerable to CVE-2024-28987 by attempting to access the /OrionTickets endpoint.
  • Fetch Tickets: Retrieve and save all helpdesk tickets from the vulnerable endpoint.
  • Experimental Features:
    • Create Tickets: Submit a new helpdesk ticket.
    • Update Tickets: Modify existing helpdesk ticket details.
    • Delete Tickets: Remove a helpdesk ticket by ID.
  • Colored Terminal Output: Provides a visually clear interface with status messages in different colors for easy identification.

Requirements

  • Python 3.x
  • requests
  • Note: The script suppresses SSL warnings, as it's intended for use in secure testing environments.

Installation

  1. Clone the repository: 
    git clone https://github.com/PlayerFridei/CVE-2024-28987
cd CVE-2024-28987
  2. Install required Python packages: 
    pip install -r requirements.txt

Usage

python3 exploit.py <target_ip>

Example

python3 exploit.py 192.168.1.100

Menu Options

  1. Fetch All Tickets: Retrieve all helpdesk tickets and save them to tickets.txt.
  2. (Experimental) Create a New Ticket: Add a new helpdesk ticket to the system (may not always succeed).
  3. (Experimental) Update an Existing Ticket: Modify the subject and details of an existing helpdesk ticket.
  4. (Experimental) Delete a Ticket: Attempt to delete a helpdesk ticket by providing its ID.
  5. Exit: Exit the program.

Notes

  • The experimental features (create, update, delete) are provided for testing and exploration, educational and research purposes and may not always function correctly depending on system permissions and configurations.
  • The tool is intended for educational and authorized security testing only. Always have permission to test and never use on unauthorized systems.

Banner

The script comes with a custom ASCII banner for a personalized touch when running the tool.

Disclaimer

Before using this software, you agree to the terms outlined in our SECURITY.md policy.

License

This project is licensed under the MIT License - see the LICENSE file for details.

About

CVE-2024-28987 Scanner & Exploiter - SolarWinds Web Help Desk

Resources

Readme

License

MIT license

Security policy

Security policy
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages