CVE-2024-28995

This exploit demonstrates a directory traversal vulnerability in SolarWinds Serv-U versions <= 15.4.2 HF1, allowing attackers to read sensitive files on both Windows and Linux systems. It includes multiple path traversal techniques to access Serv-U log files and other system files.

This repository contains a Python script that exploits CVE-2024-28995, a path traversal vulnerability in Serv-U versions 15.4.2 and below. The script automates version detection, vulnerability checking, and file read exploitation via path traversal.

This repository contains a scanner for CVE-2024-28995, a directory traversal vulnerability in SolarWinds Serv-U. The tool checks for vulnerable paths and identifies exposed sensitive files on both Windows and Linux systems.

This is a functional exploit for CVE-2024-28995, a directory traversal vulnerability in SolarWinds Serv-U. The script includes multiple payloads to read sensitive files on both Windows and Linux systems, with version detection and OS fingerprinting.

This is a Python-based exploit for CVE-2024-28995, a directory traversal vulnerability in SolarWinds Serv-U. It attempts to read sensitive files by manipulating the `InternalDir` and `InternalFile` parameters in the target URL.

This is a Python-based exploit for CVE-2024-28995, a directory traversal vulnerability in SolarWinds Serv-U. It allows an attacker to read arbitrary files on the target system by manipulating the `InternalDir` and `InternalFile` parameters.

This repository provides a scanner tool for CVE-2024-28995, which targets Serv-U for arbitrary file read vulnerabilities. The tool supports single and batch URL scanning with proxy and threading options.

This is a functional exploit for CVE-2024-28995, an unauthenticated directory traversal vulnerability in SolarWinds Serv-U. It allows reading arbitrary files on both Windows and Linux systems by manipulating the `InternalDir` and `InternalFile` parameters.

This is a Nuclei template for detecting CVE-2024-28995, a directory traversal vulnerability in Serv-U versions 15.4.2 and below. It checks for the ability to read sensitive files like /etc/passwd via a crafted GET request.

This repository provides a Nuclei template and Shodan queries for detecting SolarWinds Serv-U instances vulnerable to CVE-2024-28995, a directory traversal vulnerability. It includes a command to scan targets using Nuclei and Shodan dorks for identification.

This Go-based PoC scans for CVE-2024-28995, a directory traversal vulnerability in SolarWinds Serv-U, by checking for sensitive file access via crafted paths. It reads target IPs from a file and tests for Windows/Linux file disclosure.

This Metasploit module exploits an unauthenticated directory traversal vulnerability in SolarWinds Serv-U to read arbitrary files. It sends a crafted HTTP GET request with path traversal sequences to access files outside the intended directory.