# CVE-2024-28995 Automated Path Traversal & Local File Read

## Features

- **Version Detection**: Retrieves the Serv-U version from the server header.
- **Vulnerability Check**: Compares the detected version against a known vulnerable version (`15.4.2` or lower).
- **Default Path Testing**: Tests predefined paths for both Windows and Linux to determine if the server is vulnerable.
- **Custom Path Testing**: Allows users to specify custom directory and file paths to test for file read vulnerability.
- **Wordlist Path Testing**: Supports the use of a wordlist for testing multiple paths for file read vulnerability.
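
For defenders triaging an inventory, the version detection and vulnerability check described above can be run offline against banners already collected by a scanner. The following is an added example, not code from this tool. It assumes the banner has the form `Serv-U/<dotted version>`; the function names and sample hosts are hypothetical.

```python
import re

# Threshold taken from the README: 15.4.2 or lower is treated as vulnerable.
VULNERABLE_MAX = (15, 4, 2)

# Assumed banner shape: "Serv-U/<dotted version>", e.g. "Serv-U/15.4.2.126".
_BANNER_RE = re.compile(r"Serv-U/(\d+(?:\.\d+){0,3})", re.IGNORECASE)


def parse_version(server_header):
    """Return the version as a tuple of ints, or None if not a Serv-U banner."""
    match = _BANNER_RE.search(server_header or "")
    if match is None:
        return None
    parts = [int(p) for p in match.group(1).split(".")]
    # Pad to three components so "15.4" compares as 15.4.0.
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def classify(server_header):
    """Map a Server header to 'vulnerable', 'not-affected' or 'unknown'."""
    version = parse_version(server_header)
    if version is None:
        return "unknown"  # header missing, stripped or another product
    # Compare numerically on major.minor.patch; a string compare would
    # rank "15.10.0" below "15.4.2". The build component is ignored because
    # the README gives only a three-part threshold.
    return "vulnerable" if version[:3] <= VULNERABLE_MAX else "not-affected"


def audit(inventory):
    """inventory: iterable of (host, server_header) pairs from a scan export."""
    return {host: classify(header) for host, header in inventory}


# Constructed sample inventory (hosts and banners are made up).
SAMPLE = [
    ("ftp-01.example.internal", "Serv-U/15.4.2.126"),
    ("ftp-02.example.internal", "Serv-U/15.10.0.1"),
    ("ftp-03.example.internal", "Serv-U/15.3"),
    ("ftp-04.example.internal", "nginx"),
    ("ftp-05.example.internal", None),
]

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE).items():
        print(f"{host}: {verdict}")
```

An `unknown` result means the header carried no usable version, not that the host is patched; those hosts need their version confirmed another way.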

## Usage

To use this tool, you need to have Python installed. Run the script with the appropriate arguments:

```
python3 <script.py> -u <URL> [-d <Directory Path>] [-f <File Name>] [-w <Wordlist>]
```

## Arguments

- `-u`, `--url`: URL to exploit (required).
- `-d`, `--dir`: Directory path for File Read (e.g., `ProgramData/RhinoSoft/Serv-U/`).
- `-f`, `--file`: File to read for File Read (e.g., `Serv-U-StartupLog.txt` or `passwd`).
- `-w`, `--wordlist`: Wordlist for additional paths to test.


Example:

```
python3 <script.py> -u <URL> -d ProgramData/RhinoSoft/Serv-U/ -f Serv-U-StartupLog.txt
```