CVE-2024-7928

This PoC exploits a directory traversal vulnerability in FastAdmin to retrieve database configuration details. It sends a crafted request to expose sensitive information such as database credentials.

This PoC exploits CVE-2024-7928 to retrieve database configuration details from vulnerable FastAdmin instances via a path traversal vulnerability. It sends a crafted request to expose sensitive database credentials and connection details.

This repository contains a Python-based exploit tool for CVE-2024-7928, an arbitrary file reading vulnerability in FastAdmin versions prior to V1.3.4.20220530. The tool detects and exploits the vulnerability to retrieve database configuration details by leveraging a path traversal flaw in the language file endpoint.

This repository contains a functional exploit for CVE-2024-7928, a path traversal vulnerability in FastAdmin up to version 1.3.3.20220121. The exploit leverages the vulnerable endpoint `/index/ajax/lang` to traverse directories and leak database credentials from the application's configuration file.

This exploit targets a path traversal vulnerability in FastAdmin up to version 1.3.3.20220121, allowing remote attackers to read sensitive database configuration files via the `/index/ajax/lang` endpoint. The script uses asynchronous HTTP requests to check for vulnerability and extract database credentials.

This repository contains a functional exploit PoC for CVE-2024-7928, which targets FastAdmin instances to retrieve database details via an unauthenticated path traversal vulnerability. The script sends a crafted request to expose sensitive database configuration information.