CVE-2024-4040

Hi 👋, I'm Abdualhadi Khalifa I am a passionate person and committed to success in development in the fields of technology in general, and information security in particular I have a strong background in this field and different skills that enable me to interact in this field I have worked on many projects in information security And I wrote tools for me to detect vul

exploit for CVE-2024-4040

CVE-2024-4040 exploit for CVE-2024-4040

Exploit Code for CVE-2024-4040 Overview This exploit code targets the CVE-2024-4040 vulnerability, allowing unauthorized access to user accounts by reading and validating tokens stored in the "sessionsobj" file If the tokens are valid, hackers can gain entry to the targeted accounts Unlike other methods exploiting similar vulnerabilities such as CVE-2023-43177, thi

CVE-2024-4040 CrushFTP SSTI LFI & Auth Bypass | Full Server Takeover | Wordlist Support

CVE-2024-4040 SSTI & LFI PoC - Exploitation | CrushFTP This is a proof of concept for a Server Side Template Injection (SSTI) & Local File Inclusion (LFI) vulnerability in CrushFTP Features Taking leverage of Critical Severity Vulnerabilities in CrushFTP servers through Server Side Template Injection (SSTI) & Authentication Bypassing Elevating this exp

CVE-2024-4040 (CrushFTP VFS escape) or (CrushFTP unauthenticated RCE)

CVE-2024-4040-RCE-POC CVE-2024-4040 (CrushFTP VFS escape) or (CrushFTP unauthenticated RCE) This script attempts to execute command on affected installation of the crushftp and ofcourse no authentication and/or user interaction is needed to acheive RCE you can execute command on multiple ip adresses in multi-threading functionality Usage: python CVE-2024-4040py -f (ip list)

Exploit Tool to CrushFTP

CVE-2024-4040 Exploit Tool to CrushFTP Download File to Exploit Toolkit: satoshidiskcom/pay/CLFd5f

A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.

CVE-2024-4040 A server side template injection vulnerability in CrushFTP in all versions before 1071 and 1110 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server Usage python poc -u examplecom -p /p

CVE-2024-4040 - exploit scanners This repository contains files related to CVE-2024-4040 (CrushFTP VFS escape) scan_hostpy This script attempts to use the vulnerability to read files outside the sandbox If it succeeds, the script writes Vulnerable to standard output and returns with exit code 1 If exploiting the vulnerability does not succeed, the script writes Not vulnerab

Scanner for CVE-2024-4040

CVE-2024-4040 - exploit scanners This repository contains files related to CVE-2024-4040 (CrushFTP VFS escape) scan_hostpy This script attempts to use the vulnerability to read files outside the sandbox If it succeeds, the script writes Vulnerable to standard output and returns with exit code 1 If exploiting the vulnerability does not succeed, the script writes Not vulnerab

Scanner of vulnerability on crushftp instance

CVE-2024-4040-Scanner Scanner of vulnerability on crushftp instance

CVE-2024-4040 A server side template injection vulnerability in CrushFTP in all versions before 1071 and 1110 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server This repository is a POC of how can attacker

CVE-2024-4040 CrushFTP SSTI LFI & Auth Bypass | Full Server Takeover

CrushFTP SSTI & LFI PoC (CVE-2024-4040) This is a proof of concept for a Server Side Template Injection (SSTI) vulnerability in CrushFTP Developer @stuub Features Auth Bypass SSTI LFI Documentation This vulnerability is a VFS sandbox escape in the CrushFTP managed file transfer service that allows remote attackers with low privileges to read files from the filesystem o

CVE-2024-4040 CrushFTP SSTI LFI & Auth Bypass | Full Server Takeover

CrushFTP SSTI & LFI PoC (CVE-2024-4040) This is a proof of concept for a Server Side Template Injection (SSTI) vulnerability in CrushFTP Developer @stuub Features Auth Bypass SSTI LFI Documentation This vulnerability is a VFS sandbox escape in the CrushFTP managed file transfer service that allows remote attackers with low privileges to read files from the filesystem o

Exploit for CVE-2024-4040 affecting CrushFTP server in all versions before 10.7.1 and 11.1.0 on all platforms

CVE-2024-4040-CrushFTP-server CrushFTP is a proprietary multi-protocol, multi-platform file transfer server CVE-2024-4040 - A server side template injection vulnerability in CrushFTP in all versions before 1071 and 1110 on all platforms allows unauthenticated remote attackers to read any files from the filesystem outside of the VFS Sandbox, bypass authentication to gain ad