ronin-rb / community-pocs

A repository of PoCs for ronin-exploits
https://ronin-rb.dev
GNU General Public License v3.0

Add PoC exploit for CVE-2024-4040 #16

Closed postmodern closed 2 months ago

postmodern commented 3 months ago

Add a PoC exploit for CVE-2024-4040, an unauthenticated server-side template injection (SSTI) vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0.

Reference PoCs

Vuln App

How to Submit a PoC

See the CONTRIBUTING file for instructions on how to submit a PoC exploit.

postmodern commented 2 months ago

Ended up adapting the Dockerfile:

```dockerfile
FROM ubuntu:latest
WORKDIR /var/opt
# Install a JRE plus download tools, then fetch and unpack the CrushFTP 10 archive
RUN apt-get update -qq && \
    apt-get install -qq -y unzip wget openjdk-17-jre-headless && \
    wget -q https://github.com/the-emmons/CVE-2023-43177/releases/download/crushftp_software/CrushFTP10.zip && \
    unzip CrushFTP10.zip

EXPOSE 21
EXPOSE 8080
EXPOSE 443
EXPOSE 2222
WORKDIR /var/opt/CrushFTP10
# Start the CrushFTP server
CMD java -Xmx1024m -jar CrushFTP.jar -d
```

```shell
$ docker build -t vuln-crushftp .
$ docker run -p 2121:21 -p 4443:443 -p 8080:8080 -p 9090:9090 -p 2222:2222 vuln-crushftp
```