## https://sploitus.com/exploit?id=73A1B27C-9E4B-5BCA-A723-16AD9BB30AE9
# CVE-2024-28987 Exploit & Scanner
A Python-based exploit and scanner for the **CVE-2024-28987** vulnerability affecting SolarWinds Web Help Desk. This tool enables security researchers to identify and interact with vulnerable endpoints and explore various potential vectors in the Web Help Desk system.
## Features
- **Vulnerability Detection**: Test if the target is vulnerable to CVE-2024-28987 by attempting to access the `/OrionTickets` endpoint.
- **Fetch Tickets**: Retrieve and save all helpdesk tickets from the vulnerable endpoint.
- **Experimental Features**:
  - **Create Tickets**: Submit a new helpdesk ticket.
  - **Update Tickets**: Modify existing helpdesk ticket details.
  - **Delete Tickets**: Remove a helpdesk ticket by ID.
- **Colored Terminal Output**: Provides a visually clear interface with status messages in different colors for easy identification.
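
For defenders, the operations listed above leave traces in the web server's access log. The following is an added example, not part of the original README or the tool: it scans access-log lines for requests to `/OrionTickets` and summarizes them per client. It assumes common/combined log format and that create, update and delete map to POST, PUT and DELETE; the function names and sample lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Common/combined log format: client, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Assumption: ticket operations follow the usual REST method mapping.
OPERATION = {"GET": "read", "POST": "create", "PUT": "update", "DELETE": "delete"}
WRITE_OPS = {"create", "update", "delete"}

def orion_ticket_hits(lines):
    """Map client IP -> [(timestamp, operation, status)] for /OrionTickets requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        # Drop the query string and decode percent-encoding before matching.
        path = unquote(urlsplit(m["target"]).path).lower()
        if "/oriontickets" in path:
            op = OPERATION.get(m["method"], "other")
            hits[m["ip"]].append((m["ts"], op, int(m["status"])))
    return dict(hits)

def summarize(hits):
    """Per client: request count, 2xx count, and which write operations succeeded."""
    report = {}
    for ip, events in hits.items():
        ok = [e for e in events if 200 <= e[2] < 300]
        writes = sorted({e[1] for e in ok if e[1] in WRITE_OPS})
        report[ip] = {"requests": len(events), "successful": len(ok), "writes": writes}
    return report

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "curl/8.0"',
    '198.51.100.7 - - [01/Oct/2024:10:00:05 +0000] "GET /OrionTickets HTTP/1.1" 200 20480 "-" "python-requests/2.31"',
    '198.51.100.7 - - [01/Oct/2024:10:00:09 +0000] "DELETE /%4frionTickets/17 HTTP/1.1" 200 64 "-" "python-requests/2.31"',
    '203.0.113.4 - - [01/Oct/2024:10:02:30 +0000] "GET /OrionTickets?limit=5 HTTP/1.1" 401 128 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for ip, info in summarize(orion_ticket_hits(SAMPLE_LOG)).items():
        print(ip, info)
```

A client with successful responses on this endpoint, and especially one with entries under `writes`, is the pattern to triage first.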
## Requirements
- Python 3.x
- `requests`
- **Note**: The script suppresses SSL warnings, as it's intended for use in secure testing environments.
## Installation
1. Clone the repository:
```bash
git clone https://github.com/PlayerFridei/CVE-2024-28987
cd CVE-2024-28987
```
2. Install required Python packages:
```bash
pip install -r requirements.txt
```
## Usage
```bash
python3 exploit.py <target_ip>
```
### Example
```bash
python3 exploit.py 192.168.1.100
```
## Menu Options
1. **Fetch All Tickets**: Retrieve all helpdesk tickets and save them to `tickets.txt`.
2. **(Experimental) Create a New Ticket**: Add a new helpdesk ticket to the system (may not always succeed).
3. **(Experimental) Update an Existing Ticket**: Modify the subject and details of an existing helpdesk ticket.
4. **(Experimental) Delete a Ticket**: Attempt to delete a helpdesk ticket by providing its ID.
5. **Exit**: Exit the program.
### Notes
- The experimental features (create, update, delete) are provided for testing, exploration, education, and research, and may not always function correctly depending on system permissions and configurations.
- The tool is intended for **educational and authorized security testing only**. Always obtain permission before testing, and never use it on unauthorized systems.
## Banner
The script comes with a custom ASCII banner for a personalized touch when running the tool.
## Disclaimer
> Before using this software, you agree to the terms outlined in our [SECURITY.md](SECURITY.md) policy.
## License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.