SolarWinds Serv-U File Server (Serv-U) is a multi-protocol file server that can send files to and receive files from other networked computers through various means.
CVE-2024-28995 is an unauthenticated directory traversal vulnerability in SolarWinds Serv-U that allows an attacker to read sensitive files on the target machine.
Affected product and versions: SolarWinds Serv-U 15.4.2 HF 1 and previous versions
Shodan product:"Rhinosoft Serv-U httpd,rhinosoft serv-u httpd"
Usage: python3 exploit.py -u targetURL
Usage example: python3 exploit.py -u https://127.0.0.1/
Disclaimer: This exploit is to be used only for educational and authorized testing purposes. Illegal/unauthorized use of this exploit is prohibited. I am not responsible for any misuse or damage caused by this script.
Reference: https://attackerkb.com/topics/2k7UrkHyl3/cve-2024-28995/rapid7-analysis