Share
## https://sploitus.com/exploit?id=9BF9841C-EB56-52A8-914C-1E61893B5E32
# CVE-2024-27292 : Docassemble V1.4.96 Unauthenticated Path Traversal

CVEHunter tool for vulnerability detection and exploitation tool for CVE-2024-27292 with Asychronous Performance.

### Installation
```bash
git clone https://github.com/th3gokul/CVE-2024-27292.git
cd CVE-2024-27292
pip install -r requirements.txt
python3 cvehunter.py --help
```
### Usage
```bash
python3 cvehunter.py -h

  ____ __     __ _____  _   _                _               
 / ___|\ \   / /| ____|| | | | _   _  _ __  | |_   ___  _ __ 
| |     \ \ / / |  _|  | |_| || | | || '_ \ | __| / _ \| '__|
| |___   \ V /  | |___ |  _  || |_| || | | || |_ |  __/| |   
 \____|   \_/   |_____||_| |_| \__,_||_| |_| \__| \___||_| 
     CVE-2024-27292                      @th3gokul

[Description]: Vulnerability Detection and Exploitation
tool for CVE-2024-27292

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     [INF]: Specify a URL or domain
                        for vulnerability detection
  -l LIST, --list LIST  [INF]: Specify a list of URLs
                        for vulnerability detection
  -t THREADS, --threads THREADS
                        [INF]: Number of threads for
                        list of URLs
  -proxy PROXY, --proxy PROXY
                        [INF]: Proxy URL to send request
                        via your proxy
  -v, --verbose         [INF]: Increases verbosity of
                        output in console
  -o OUTPUT, --output OUTPUT
                        [INF]: Filename to save output
                        of vulnerable target]
```
### About
The tool is Developed by [th3Gokul](https://www.linkedin.com/in/gokul-v-13455521a/) to detect and exploit the CVE-2024-27292 - Docassemble V1.4.96 Unauthenticated Path Traversal
### Disclaimer
The tool is only for education and ethical purpose only and Developers are not responsible for any illegal exploitations.
### Reference 
https://tantosec.com/blog/docassemble/