# CVE-2024-4040: CrushFTP File Read Vulnerability
## Overview
On April 19, 2024, a new zero-day vulnerability affecting CrushFTP versions below 10.7.1 and 11.1.0, as well as legacy 9.x versions, was disclosed to a private mailing list by the managed file transfer vendor CrushFTP. Initially, no CVE was assigned by the vendor, but CVE-2024-4040 was later issued by a third-party CVE Numbering Authority (CNA) on April 22.
This exploit script is written for a CVE analysis on [vsociety](https://www.vicarius.io/vsociety/).
## Impact
CVE-2024-4040 has been actively exploited in the wild, as reported by Rapid7 and CrowdStrike, and it has been added to the CISA KEV catalog. Airbus CERT, which discovered the issue, released proof-of-concept code on April 23. Over 5,200 instances of CrushFTP exposed to the public internet are potentially at risk.
## Fixed Versions
- CrushFTP 10.7.1
- CrushFTP 11.1.0
Users of affected versions are urged to update immediately to mitigate the risk associated with this vulnerability.
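For patch triage, the version boundaries above can be applied to an asset inventory. The following is an added example, not part of the exploit script or of CrushFTP; the function names, the inventory layout and the sample hosts are assumptions, and a build suffix such as `_5` after the version number is simply ignored.

```python
import re

# Fixed releases named on this page, keyed by major version.
FIXED = {10: (10, 7, 1), 11: (11, 1, 0)}


def parse_version(text):
    """Extract (major, minor, patch) from strings such as 'CrushFTP 10.7.0_5'.

    Returns None when no dotted version is present. A missing patch
    component counts as 0; anything after the patch number is ignored.
    """
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    return tuple(int(p) if p else 0 for p in m.groups())


def classify(text):
    """Return 'affected', 'fixed' or 'unknown' for one version string."""
    v = parse_version(text)
    if v is None:
        return "unknown"
    major = v[0]
    if major == 9:
        return "affected"  # legacy 9.x: the page lists no fixed 9.x release
    if major in FIXED:
        # Tuple comparison is numeric, so 10.10.0 sorts above 10.7.1.
        return "affected" if v < FIXED[major] else "fixed"
    return "unknown"  # branch the page says nothing about


def triage(inventory):
    """Map host -> status for a dict of host -> reported version string."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "ftp-a.example.internal": "CrushFTP 10.7.0_5",
    "ftp-b.example.internal": "11.1.0",
    "ftp-c.example.internal": "9.4.0",
    "ftp-d.example.internal": "version not reported",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual check, since the version could not be parsed or falls outside the branches this page covers.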
## Features
- **Read Files**: Allows you to specify a file path on the server to read.
- **Get Admin Session**: Attempts to retrieve admin session tokens from the server.
- **Vulnerability Check**: Checks if the CrushFTP instance is vulnerable to the exploit.
## Prerequisites
Before you begin, ensure you have the following installed:
- Python 3.6 or higher
- `requests` library
You can install the required Python libraries using pip:
```bash
pip install requests
```
## Usage
To use the script, you need to pass certain parameters based on what you want to achieve. Below are the usage instructions for each feature:
#### General Usage
```bash
python exploit.py -t <target-url>
```
#### Reading a File
```bash
python exploit.py -t <target-url> -r <path-to-file>
```
#### Obtaining session tokens
The script first downloads the `sessions.obj` serialized Java file that contains the session tokens.
```bash
python exploit.py -t <target-url> -s
```
#### Performing a vulnerability check
```bash
python exploit.py -t <target-url> -c
```
## Disclaimer
This exploit script has been created solely for the purposes of research and for the development of effective defensive techniques. It is not intended to be used for any malicious or unauthorized activities. The author and owner of the script disclaim any responsibility or liability for any misuse or damage caused by this software. Users are urged to use this software responsibly and only in accordance with applicable laws and regulations.