CVE-2024-4040 PoC

Python exploit for CVE-2024-4040

Description

A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.

Options

-h  --help               Show this screen.
-t  --target             Specify target URL
-f  --file               Specify file to include

Examples

Only test if vulnerable:     exploit.py -t http://10.10.1.23:8080
Include /etc/passwd:         exploit.py -t http://10.10.1.23:8080 -f /etc/passwd

Requirements

Python3

Installation

git clone https://github.com/1ncendium/CVE-2024-4040.git
cd CVE-2024-4040
python3 exploit.py -t http://target:8080

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
.gitattributes		.gitattributes
README.md		README.md
exploit.py		exploit.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2024-4040 PoC

Description

Options

Examples

Requirements

Installation

About

Releases

Packages

Languages

1ncendium/CVE-2024-4040

Folders and files

Latest commit

History

Repository files navigation

CVE-2024-4040 PoC

Description

Options

Examples

Requirements

Installation

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages