关联漏洞
标题:
FastAdmin 路径遍历漏洞
(CVE-2024-7928)
描述:FastAdmin是Karson个人开发者的一套基于ThinkPHP和Bootstrap的网站后台开发框架。 FastAdmin 1.3.4.20220530之前版本存在路径遍历漏洞,该漏洞源于存在任意文件读取漏洞,攻击者利用此漏洞可以获取系统敏感信息。
描述
CVE-2024-7928 fastadmin vulnerability POC & Scanning
介绍
# CVE-2024-7928
POC for CVE-2024-7928. Will attempt to retrieve DB details for FastAdmin instances.
## How to Use
FOFA : app="FASTADMIN"
### Install the script requirements:
```sh
pip install -r requirements.txt
```
### Single Target:
```sh
python CVE-2024-7928.py -u https://target:9090
```
### Bulk Sscan:
```sh
python CVE-2024-7928.py -f file.txt
```
## Disclaimer
#WARNING!!!
This tool is provided for educational and research purposes only. The creator assumes no responsibility for any misuse or damage caused by the tool.
## References
- https://nvd.nist.gov/vuln/detail/CVE-2024-7928
- https://vuldb.com/?id.275114
- https://wiki.shikangsi.com/post/share/da0292b8-0f92-4e6e-bdb7-73f47b901acd
- https://github.com/bigb0x/CVE-2024-7928/
文件快照
[4.0K] /data/pocs/1d9a678d87de89806a0a395dd137ed16623e7bf0
├── [6.0K] CVE-2024-7928.py
├── [ 773] README.md
├── [ 17] requirements.txt
└── [831K] screen.jpg
0 directories, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。