Exploit for Path Traversal in Solarwinds Serv-U CVE-2024-28955 CVE-2024-28995

## https://sploitus.com/exploit?id=A11E2B46-0E50-5883-BA3A-7CDED3BDB353
# CVE-2024-28995 Automated Path Traversal & Local File Read

## Features

- **Version Detection**: Retrieves the Serv-U version from the server header.
- **Vulnerability Check**: Compares the detected version against a known vulnerable version (`15.4.2` or lower).
- **Default Path Testing**: Tests predefined paths for both Windows and Linux to determine if the server is vulnerable.
- **Custom Path Testing**: Allows users to specify custom directory and file paths to test for file read vulnerability.
- **Wordlist Path Testing**: Supports the use of a wordlist for testing multiple paths for file read vulnerability.

## Usage

To use this tool, you need to have Python installed. Run the script with the appropriate arguments:

```sh
python3 CVE-2024-28995.py -u <URL> [-d <Directory Path>] [-f <File Name>] [-w <Wordlist>]
```

## Arguments

    -u, --url: URL to exploit (required).
    -d, --dir: Directory path for File Read (e.g., ProgramData/RhinoSoft/Serv-U/).
    -f, --file: File to read for File Read (e.g., Serv-U-StartupLog.txt or passwd).
    -w, --wordlist: Wordlist for additional paths to test.

Example

```sh
python3 CVE-2024-28995.py -u http://example.com -d ProgramData/RhinoSoft/Serv-U/ -f Serv-U-StartupLog.txt
```

![image](https://github.com/Stuub/CVE-2024-28995/assets/60468836/609935ce-efd4-4263-9911-054fe1f5f83a)

![image](https://github.com/Stuub/CVE-2024-28995/assets/60468836/cbe8d8bf-bb2e-4db9-9d46-5dcc3a8d635a)

![image](https://github.com/Stuub/CVE-2024-28995/assets/60468836/d3536c03-048f-4d91-a020-087822ebf5c7)


References

https://www.labs.greynoise.io/grimoire/2024-06-solarwinds-serv-u/

https://github.com/bigb0x/CVE-2024-28995