Stuub/CVE-2024-28995

CVE-2024-28995 Automated Path Traversal & Local File Read

Features

  • Version Detection: Retrieves the Serv-U version from the server header.
  • Vulnerability Check: Compares the detected version against the known vulnerable range (15.4.2 or lower).
  • Default Path Testing: Tests predefined paths for both Windows and Linux to determine if the server is vulnerable.
  • Custom Path Testing: Allows users to specify custom directory and file paths to test for file read vulnerability.
  • Wordlist Path Testing: Supports the use of a wordlist for testing multiple paths for file read vulnerability.
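The version detection and vulnerability check above can be reproduced as a stand-alone inventory check, useful for confirming patch status across your own Serv-U hosts without issuing any traversal requests. The code below is an added example, not the repository's script; it assumes the Server header carries a banner of the form "Serv-U/<major>.<minor>.<patch>[.<build>]" (the page does not document the exact banner layout) and applies the README's rule that 15.4.2 or lower is in the affected range. The sample headers are constructed, not captured from a real host.

```python
import re
from typing import Dict, Optional, Tuple

# Boundary used by the README's vulnerability check: 15.4.2 or lower is affected.
LAST_VULNERABLE_VERSION = (15, 4, 2)

# Assumed banner layout "Serv-U/<major>.<minor>.<patch>[.<build>]"; this is an
# assumption for the example, not something the page documents.
SERVU_BANNER = re.compile(r"Serv-U/(\d+(?:\.\d+)*)", re.IGNORECASE)


def extract_servu_version(headers: Dict[str, str]) -> Optional[Tuple[int, ...]]:
    """Return the Serv-U version from a Server header as an int tuple, or None."""
    # Header names are case-insensitive, so match the key without regard to case.
    server = next((v for k, v in headers.items() if k.lower() == "server"), None)
    if not server:
        return None
    match = SERVU_BANNER.search(server)
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def is_version_in_affected_range(version: Tuple[int, ...]) -> bool:
    """True when major.minor.patch is 15.4.2 or lower (the README's rule).

    Only the first three components are compared; a build number or hotfix
    that leaves those digits unchanged is not distinguished by this check.
    """
    core = (version + (0, 0, 0))[:3]
    return core <= LAST_VULNERABLE_VERSION


def assess(headers: Dict[str, str]) -> str:
    """Classify a response: 'not-serv-u', 'affected-range' or 'above-range'."""
    version = extract_servu_version(headers)
    if version is None:
        return "not-serv-u"
    return "affected-range" if is_version_in_affected_range(version) else "above-range"


# Constructed sample response headers (not captured from any real host).
SAMPLE_RESPONSES = {
    "old": {"Server": "Serv-U/15.3.0"},
    "boundary": {"server": "Serv-U/15.4.2"},
    "with_build": {"Server": "Serv-U/15.4.2.126"},
    "newer": {"Server": "Serv-U/15.5.0"},
    "other": {"Server": "nginx/1.24.0"},
    "missing": {"Content-Type": "text/html"},
}

if __name__ == "__main__":
    for name, headers in SAMPLE_RESPONSES.items():
        banner = headers.get("Server", headers.get("server", "-"))
        print(f"{name:10} {banner:20} {assess(headers)}")
```

Because the comparison stops at major.minor.patch, a host reporting 15.4.2 with a hotfix applied looks the same as an unpatched one; treat "affected-range" as a lead to verify against the vendor's hotfix record rather than as proof of exposure.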

Usage

To use this tool, you need Python 3 installed. Run the script with the appropriate arguments:

python3 CVE-2024-28995.py -u <URL> [-d <Directory Path>] [-f <File Name>] [-w <Wordlist>]

Arguments

  • -u, --url: URL to exploit (required).
  • -d, --dir: Directory path for File Read (e.g., ProgramData/RhinoSoft/Serv-U/).
  • -f, --file: File to read for File Read (e.g., Serv-U-StartupLog.txt or passwd).
  • -w, --wordlist: Wordlist for additional paths to test.

Example

python3 CVE-2024-28995.py -u http://example.com -d ProgramData/RhinoSoft/Serv-U/ -f Serv-U-StartupLog.txt

References

https://www.labs.greynoise.io/grimoire/2024-06-solarwinds-serv-u/

https://github.com/bigb0x/CVE-2024-28995