CVE-2024-4040 - exploit scanners | CrushFTP VFS escape

[dEEpEst]

Description

A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.

This repository contains files related to

This is the hidden content, please

• Sign In
• or
• Sign Up

(CrushFTP VFS escape).

 

scan_host.py

This script attempts to use the vulnerability to read files outside the sandbox. If it succeeds, the script writes Vulnerable to standard output and returns with exit code 1. If exploiting the vulnerability does not succeed, the script writes Not vulnerable and exits with status code 0.

The script depends on the

This is the hidden content, please

• Sign In
• or
• Sign Up

library.

Code scan_host.py

This is the hidden content, please

• Sign In
• or
• Sign Up

 

scan_logs.py

This script looks for indicators of compromise in a CrushFTP server installation directory. It is basically equivalent to running the following command:

 

This is the hidden content, please

• Sign In
• or
• Sign Up

For each match, it will attempt to extract the IP which tried to exploit the server.

Code scan_logs.py

This is the hidden content, please

• Sign In
• or
• Sign Up

 

Download 

This is the hidden content, please

• Sign In
• or
• Sign Up