CVE-2024-4040

This repository contains a functional exploit for CVE-2024-4040, targeting CrushFTP's SSTI and LFI vulnerabilities. The PoC automates session token generation, SSTI exploitation, and LFI to read arbitrary files, including session tokens for privilege escalation.

This repository contains scanner scripts for CVE-2024-4040, a CrushFTP VFS escape vulnerability. The scripts detect the vulnerability by attempting to read files outside the sandbox and check logs for exploitation traces.

The repository contains a functional Python exploit for CVE-2024-4040, a server-side template injection vulnerability in CrushFTP. The exploit reads arbitrary files from the filesystem by leveraging unauthenticated access and a crafted request to the '/WebInterface/function/' endpoint.

This repository contains a functional exploit for CVE-2024-4040, targeting a Server-Side Template Injection (SSTI) vulnerability in CrushFTP. The exploit establishes a session, retrieves authentication cookies, and leverages the SSTI to execute arbitrary commands and extract files.

The repository contains a Python script that scans for CVE-2024-4040, a server-side template injection vulnerability in CrushFTP. It checks for the presence of a specific response pattern to determine vulnerability but does not include exploit code for remote code execution.

This exploit targets CVE-2024-4040 in CrushFTP, leveraging a server-side template injection vulnerability to read the 'sessions.obj' file and extract valid authentication tokens. It then verifies these tokens to gain unauthorized access to user accounts.

This repository contains a functional exploit for CVE-2024-4040, leveraging a malicious MySQL JDBC driver to execute arbitrary commands. The exploit embeds command execution logic within the `connect` method of a custom `NonRegisteringDriver` class, decoding and executing base64-encoded commands provided via the `user` property.

The repository contains a functional Python exploit for CVE-2024-4040, a file read vulnerability in CrushFTP versions below 10.7.1 and 11.1.0. The exploit leverages improper path handling in the 'exists' command to read arbitrary files, including session tokens and configuration files.

The repository contains a scanner for CVE-2024-21762, which checks for the presence of the vulnerability in Fortinet SSL VPN interfaces by sending crafted HTTP requests. It does not include exploit code but provides detection capabilities.

This repository contains a scanner for CVE-2024-4040, a vulnerability in CrushFTP VFS allowing unauthorized file access. The scripts include a mass scanner with multithreading and a log analyzer for detecting exploitation attempts.

This repository contains a scanner for CVE-2024-4040, a vulnerability in CrushFTP VFS allowing unauthorized file access. The scripts include a mass scanner with multithreading and a log analyzer to detect exploitation attempts.

The repository contains functional exploit code for CVE-2024-4040, targeting CrushFTP10. The scripts demonstrate command injection vulnerabilities in the `pcastaction_wrapper.sh` and `qlmanage_wrapper.sh` files, which are used for generating preview icons and thumbnails.

This repository contains a functional Python exploit for CVE-2024-4040, an authentication bypass vulnerability in CrushFTP v10.x. The exploit crafts a forged CrushAuth cookie and AWS-style Authorization header to bypass authentication and access internal web functions.

This is a Nuclei template designed to detect CVE-2024-4040, a VFS sandbox escape vulnerability in CrushFTP. It sends a crafted POST request to exploit the vulnerability and checks for the presence of 'root:' in the response to confirm successful exploitation.

This repository contains a functional exploit for CVE-2024-4040, targeting CrushFTP's Server-Side Template Injection (SSTI) and Local File Inclusion (LFI) vulnerabilities. The exploit automates session token extraction, SSTI exploitation, and LFI to extract sensitive files like user groups and session objects.

This script checks for the presence of CVE-2024-4040 by sending a crafted POST request to a target and checking for a specific response pattern. It does not exploit the vulnerability but scans for its presence.

This repository contains a functional Python exploit for CVE-2024-4040, a server-side template injection vulnerability in CrushFTP. The exploit demonstrates unauthenticated file inclusion and vulnerability testing by leveraging the 'INCLUDE' tag in crafted HTTP requests.

The repository contains a functional exploit for CVE-2024-4040, a server-side template injection vulnerability in CrushFTP. The exploit allows unauthenticated remote attackers to read arbitrary files from the filesystem, bypass authentication, and potentially achieve remote code execution.

The repository contains only a minimal README with no exploit code, technical details, or functional content. It is a placeholder with no substantive information about CVE-2024-4040.

The repository contains a functional Python exploit for CVE-2024-4040, a server-side template injection vulnerability in CrushFTP. The PoC demonstrates unauthenticated file read capabilities by leveraging a crafted request to the '/WebInterface/function/' endpoint with a malicious 'path' parameter.

This exploit targets CVE-2024-4040 in CrushFTP, leveraging a server-side template injection vulnerability to read the 'sessions.obj' file and extract valid authentication tokens. It then verifies these tokens to gain unauthorized access to user accounts.

This Metasploit module exploits an unauthenticated server-side template injection vulnerability in CrushFTP to achieve arbitrary file read as root. It leverages the 'zip' or 'exists' API functions to inject payloads that are evaluated server-side, allowing file exfiltration.