Skip to content

airbus-cert/CVE-2024-4040

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 
 
 
 
 

Repository files navigation

CVE-2024-4040 - exploit scanners

This repository contains files related to CVE-2024-4040 (CrushFTP VFS escape).

scan_host.py

This script attempts to use the vulnerability to read files outside the sandbox. If it succeeds, the script writes Vulnerable to standard output and returns with exit code 1. If exploiting the vulnerability does not succeed, the script writes Not vulnerable and exits with status code 0.

The script depends on the requests library.

scan_logs.py

This script looks for indicators of compromise in a CrushFTP server installation directory. It is basically equivalent to running the following command:

$ grep -F -r '<INCLUDE>' /path/to/CrushFTP/logs/

For each match, it will attempt to extract the IP which tried to exploit the server.

Releases

No releases published

Packages

No packages published