CVE-2024-0204

This exploit demonstrates an authentication bypass vulnerability in Fortra GoAnywhere MFT versions prior to 7.4.1 by leveraging path traversal to access the initial account setup wizard, allowing unauthenticated attackers to create an administrator account.

The repository contains a functional Python script that exploits an authentication bypass vulnerability in GoAnywhere MFT by creating a new admin user via a crafted HTTP request. The exploit leverages a path traversal flaw to access the initial account setup page and bypasses authentication checks.

This script scans for CVE-2024-0204 by checking if the GoAnywhere endpoint '/goanywhere/images/..;/wizard/InitialAccountSetup.xhtml' returns a 200 status code, indicating vulnerability. It does not exploit the vulnerability but detects its presence.

This repository contains a functional Python exploit for CVE-2024-0204, an authentication bypass vulnerability in Fortra GoAnywhere MFT versions prior to 7.4.1. The exploit leverages path traversal to access the initial account setup wizard and create an administrator account.

This repository contains a functional exploit for CVE-2024-0204, an authentication bypass vulnerability in Fortra GoAnywhere MFT. The exploit leverages path traversal to access the InitialAccountSetup.xhtml endpoint and create an administrative user without authentication.

This repository contains a functional exploit for CVE-2024-0204, an authentication bypass vulnerability in GoAnywhere MFT. The script creates a new admin user by exploiting a path traversal flaw in the InitialAccountSetup.xhtml endpoint.

The repository contains a functional exploit for CVE-2023-49442, targeting JEECG's jeecgFormDemoController interface. The exploit leverages path traversal to bypass authentication and FastJSON deserialization for remote code execution via JNDI injection.

This Metasploit module exploits CVE-2024-0204, an authentication bypass in Fortra GoAnywhere MFT, to create an admin account and achieve RCE via JSP payload upload. It leverages a path traversal technique to access the InitialAccountSetup endpoint.