This repository contains a proof-of-concept (PoC) and a bulk scanner for the SolarWinds Serv-U CVE-2024-28995 directory traversal vulnerability. This vulnerability allows unauthorized access to read sensitive files on the host machine. The vulnerability was discovered and reported by Hussein Daher.
- Single Target Scan: Scan a single URL for the CVE-2024-28995 vulnerability.
- Bulk Scan: Scan multiple URLs from a file for the CVE-2024-28995 vulnerability.
- Multi-threading: Utilizes multi-threading to scan multiple targets concurrently.
- Multiple payloads: The script checks for two payloads for CVE-2024-28995 vulnerability.
To scan a single target IP:
python cve-2024-28995.py -ip IPTo mass scan bulk targets IPs:
python cve-2024-28995.py -f targets.txtTo scan a single target URL:
[01:55:10][INFO] Vulnerable Windows Device: https://IP- Python 3.6 or higher
requestslibrary
git clone https://github.com/bigb0x/CVE-2024-28995.git cve-2024-28995; cd cve-2024-28995Install the required packages using pip:
pip install requestsThis tool was created by M Ali. More details can be found in this post
This project is licensed under the MIT License.
This provided tool is for educational purposes only. I do not encourage, condone, or support unauthorized access to any system or network. Use this tool responsibly and only on systems you have explicit permission to test. Any actions and consequences resulting from misuse of this tool are your own responsibility.