## https://sploitus.com/exploit?id=73A1B27C-9E4B-5BCA-A723-16AD9BB30AE9
# CVE-2024-28987 Exploit & Scanner

A Python-based exploit and scanner for the **CVE-2024-28987** vulnerability affecting SolarWinds Web Help Desk. This tool enables security researchers to identify and interact with vulnerable endpoints and explore various potential vectors in the Web Help Desk system.

## Features

- **Vulnerability Detection**: Test if the target is vulnerable to CVE-2024-28987 by attempting to access the `/OrionTickets` endpoint.
- **Fetch Tickets**: Retrieve and save all helpdesk tickets from the vulnerable endpoint.
- **Experimental Features**:
  - **Create Tickets**: Submit a new helpdesk ticket.
  - **Update Tickets**: Modify existing helpdesk ticket details.
  - **Delete Tickets**: Remove a helpdesk ticket by ID.
- **Colored Terminal Output**: Provides a visually clear interface with status messages in different colors for easy identification.

## Requirements

- Python 3.x
- `requests`
- **Note**: The script suppresses SSL warnings, as it's intended for use in secure testing environments.

## Installation

1. Clone the repository:
    ```bash
    git clone https://github.com/PlayerFridei/CVE-2024-28987
    cd CVE-2024-28987
    ```
2. Install required Python packages:
    ```bash
    pip install -r requirements.txt
    ```

## Usage

```bash
python3 exploit.py <target_ip>
```

### Example
```bash
python3 exploit.py 192.168.1.100
```

## Menu Options

1. **Fetch All Tickets**: Retrieve all helpdesk tickets and save them to `tickets.txt`.
2. **(Experimental) Create a New Ticket**: Add a new helpdesk ticket to the system (may not always succeed).
3. **(Experimental) Update an Existing Ticket**: Modify the subject and details of an existing helpdesk ticket.
4. **(Experimental) Delete a Ticket**: Attempt to delete a helpdesk ticket by providing its ID.
5. **Exit**: Exit the program.
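
For defenders, each of these menu actions is a request to the `/OrionTickets` endpoint named under Features, so web access logs are a direct place to look for use of this tool. The following is an added example, not part of this repository: it summarises `/OrionTickets` requests per client IP. The combined log format, the `/placeholder` path prefix, the sample lines and the allowed-host address are all constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample in combined log format (an assumed format). The
# "/placeholder" prefix stands in for the real application path.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Oct/2024:10:01:02 +0000] "GET /placeholder/login HTTP/1.1" 200 512
203.0.113.7 - - [12/Oct/2024:10:02:11 +0000] "GET /placeholder/OrionTickets HTTP/1.1" 200 48211
203.0.113.7 - - [12/Oct/2024:10:02:15 +0000] "GET /placeholder/%4FrionTickets?x=1 HTTP/1.1" 401 0
198.51.100.9 - - [12/Oct/2024:10:05:40 +0000] "POST /placeholder/OrionTickets HTTP/1.1" 200 77
10.0.0.20 - - [12/Oct/2024:10:06:00 +0000] "GET /placeholder/OrionTickets HTTP/1.1" 200 48211
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})\b'
)

def find_orion_ticket_access(log_text, allowed_sources=frozenset()):
    """Summarise requests to /OrionTickets per client IP, skipping allowed hosts."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        # Drop the query string and percent-decode so encoded paths still match.
        path = unquote(m["path"].split("?", 1)[0]).lower()
        if "/oriontickets" not in path or m["ip"] in allowed_sources:
            continue
        entry = hits.setdefault(
            m["ip"], {"methods": Counter(), "success": 0, "first_seen": m["ts"]}
        )
        entry["methods"][m["method"]] += 1
        if m["status"].startswith("2"):
            entry["success"] += 1  # 2xx: the endpoint answered the request
    return hits

if __name__ == "__main__":
    # 10.0.0.20 is a hypothetical host that is expected to call the endpoint.
    for ip, info in find_orion_ticket_access(SAMPLE_LOG, {"10.0.0.20"}).items():
        print(ip, dict(info["methods"]), "2xx:", info["success"], "first:", info["first_seen"])
```

Any source outside the allowed set that receives a 2xx response from this endpoint is worth investigating, with the response size indicating how much ticket data was returned.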

### Notes
- The experimental features (create, update, delete) are provided for testing, exploration, education and research, and may not always function correctly, depending on system permissions and configuration.
- The tool is intended for **educational and authorized security testing only**. Always have permission to test, and never use it on unauthorized systems.

## Banner

The script comes with a custom ASCII banner for a personalized touch when running the tool.

## Disclaimer

> By using this software, you agree to the terms outlined in our [SECURITY.md](SECURITY.md) policy.

## License

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.