mirror/PoC-in-GitHub
1
0
Fork 0
mirror of https://github.com/nomi-sec/PoC-in-GitHub.git synced 2025-12-26 14:15:32 +01:00
Code Issues Projects Releases Packages Wiki Activity
PoC-in-GitHub/2024/CVE-2024-4040.json
motikan2010-bot c64de7db2f Auto Update 2025/11/06 18:43:48
2025-11-07 03:43:48 +09:00

595 lines
No EOL
21 KiB
JSON
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

[
{
"id": 790656600,
"name": "CVE-2024-4040",
"full_name": "airbus-cert\/CVE-2024-4040",
"owner": {
"login": "airbus-cert",
"id": 26453405,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/26453405?v=4",
"html_url": "https:\/\/github.com\/airbus-cert",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/airbus-cert\/CVE-2024-4040",
"description": "Scanner for CVE-2024-4040",
"fork": false,
"created_at": "2024-04-23T09:31:29Z",
"updated_at": "2025-11-06T14:50:11Z",
"pushed_at": "2024-05-17T06:48:43Z",
"stargazers_count": 50,
"watchers_count": 50,
"has_discussions": false,
"forks_count": 10,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 10,
"watchers": 50,
"score": 0,
"subscribers_count": 8
},
{
"id": 791624022,
"name": "CVE-2024-4040-Scanner",
"full_name": "tucommenceapousser\/CVE-2024-4040-Scanner",
"owner": {
"login": "tucommenceapousser",
"id": 129875733,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/129875733?v=4",
"html_url": "https:\/\/github.com\/tucommenceapousser",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/tucommenceapousser\/CVE-2024-4040-Scanner",
"description": "Scanner of vulnerability on crushftp instance",
"fork": false,
"created_at": "2024-04-25T04:01:23Z",
"updated_at": "2024-05-19T22:49:33Z",
"pushed_at": "2024-04-25T04:31:08Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 1,
"score": 0,
"subscribers_count": 1
},
{
"id": 791636172,
"name": "CVE-2024-4040",
"full_name": "rbih-boulanouar\/CVE-2024-4040",
"owner": {
"login": "rbih-boulanouar",
"id": 79673409,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/79673409?v=4",
"html_url": "https:\/\/github.com\/rbih-boulanouar",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/rbih-boulanouar\/CVE-2024-4040",
"description": null,
"fork": false,
"created_at": "2024-04-25T04:45:38Z",
"updated_at": "2024-07-30T16:14:52Z",
"pushed_at": "2024-04-25T04:56:50Z",
"stargazers_count": 13,
"watchers_count": 13,
"has_discussions": false,
"forks_count": 2,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 2,
"watchers": 13,
"score": 0,
"subscribers_count": 1
},
{
"id": 791645744,
"name": "CVE-2024-4040",
"full_name": "Mufti22\/CVE-2024-4040",
"owner": {
"login": "Mufti22",
"id": 75854478,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/75854478?v=4",
"html_url": "https:\/\/github.com\/Mufti22",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/Mufti22\/CVE-2024-4040",
"description": "A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.",
"fork": false,
"created_at": "2024-04-25T05:18:06Z",
"updated_at": "2024-06-21T00:12:21Z",
"pushed_at": "2024-04-25T05:21:26Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 1
},
{
"id": 792008958,
"name": "CVE-2024-4040-SSTI-LFI-PoC",
"full_name": "Stuub\/CVE-2024-4040-SSTI-LFI-PoC",
"owner": {
"login": "Stuub",
"id": 60468836,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/60468836?v=4",
"html_url": "https:\/\/github.com\/Stuub",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/Stuub\/CVE-2024-4040-SSTI-LFI-PoC",
"description": "CVE-2024-4040 CrushFTP SSTI LFI & Auth Bypass | Full Server Takeover | Wordlist Support",
"fork": false,
"created_at": "2024-04-25T19:51:38Z",
"updated_at": "2025-11-06T07:54:29Z",
"pushed_at": "2024-07-07T23:47:58Z",
"stargazers_count": 58,
"watchers_count": 58,
"has_discussions": false,
"forks_count": 7,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [
"0day",
"arbitrary-file-read",
"crushftp",
"crushftp0day",
"cve",
"cve-2024-4040",
"cve-2024-4040-exploit",
"cve-2024-4040-poc",
"cve2024-4040",
"lfi",
"owasp",
"python",
"rce",
"sftp"
],
"visibility": "public",
"forks": 7,
"watchers": 58,
"score": 0,
"subscribers_count": 2
},
{
"id": 793110572,
"name": "CVE-2024-4040",
"full_name": "0xN7y\/CVE-2024-4040",
"owner": {
"login": "0xN7y",
"id": 70061541,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/70061541?v=4",
"html_url": "https:\/\/github.com\/0xN7y",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/0xN7y\/CVE-2024-4040",
"description": "exploit for CVE-2024-4040",
"fork": false,
"created_at": "2024-04-28T13:06:01Z",
"updated_at": "2024-10-23T13:17:06Z",
"pushed_at": "2024-04-28T13:06:01Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 1
},
{
"id": 793492567,
"name": "CVE-2024-4040-CrushFTP-server",
"full_name": "Praison001\/CVE-2024-4040-CrushFTP-server",
"owner": {
"login": "Praison001",
"id": 60835238,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/60835238?v=4",
"html_url": "https:\/\/github.com\/Praison001",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/Praison001\/CVE-2024-4040-CrushFTP-server",
"description": "Exploit for CVE-2024-4040 affecting CrushFTP server in all versions before 10.7.1 and 11.1.0 on all platforms",
"fork": false,
"created_at": "2024-04-29T10:21:53Z",
"updated_at": "2024-04-29T10:27:07Z",
"pushed_at": "2024-04-29T10:27:03Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 1
},
{
"id": 794110110,
"name": "CVE-2024-4040",
"full_name": "Mohammaddvd\/CVE-2024-4040",
"owner": {
"login": "Mohammaddvd",
"id": 108727157,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/108727157?v=4",
"html_url": "https:\/\/github.com\/Mohammaddvd",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/Mohammaddvd\/CVE-2024-4040",
"description": "Exploit CrushFTP CVE-2024-4040",
"fork": false,
"created_at": "2024-04-30T13:27:34Z",
"updated_at": "2025-07-23T02:23:59Z",
"pushed_at": "2024-04-30T13:36:33Z",
"stargazers_count": 5,
"watchers_count": 5,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 1,
"watchers": 5,
"score": 0,
"subscribers_count": 1
},
{
"id": 794593495,
"name": "CVE-2024-4040-CrushFTP-File-Read-vulnerability",
"full_name": "jakabakos\/CVE-2024-4040-CrushFTP-File-Read-vulnerability",
"owner": {
"login": "jakabakos",
"id": 42498816,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/42498816?v=4",
"html_url": "https:\/\/github.com\/jakabakos",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/jakabakos\/CVE-2024-4040-CrushFTP-File-Read-vulnerability",
"description": null,
"fork": false,
"created_at": "2024-05-01T14:42:39Z",
"updated_at": "2024-06-06T11:58:36Z",
"pushed_at": "2024-05-02T09:58:21Z",
"stargazers_count": 3,
"watchers_count": 3,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 1,
"watchers": 3,
"score": 0,
"subscribers_count": 1
},
{
"id": 795736659,
"name": "CVE-2024-4040",
"full_name": "gotr00t0day\/CVE-2024-4040",
"owner": {
"login": "gotr00t0day",
"id": 48636787,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/48636787?v=4",
"html_url": "https:\/\/github.com\/gotr00t0day",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/gotr00t0day\/CVE-2024-4040",
"description": "A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.",
"fork": false,
"created_at": "2024-05-03T23:29:53Z",
"updated_at": "2025-10-04T14:02:21Z",
"pushed_at": "2024-05-04T00:05:16Z",
"stargazers_count": 6,
"watchers_count": 6,
"has_discussions": false,
"forks_count": 2,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 2,
"watchers": 6,
"score": 0,
"subscribers_count": 1
},
{
"id": 800094876,
"name": "CVE-2024-4040",
"full_name": "1ncendium\/CVE-2024-4040",
"owner": {
"login": "1ncendium",
"id": 50025292,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/50025292?v=4",
"html_url": "https:\/\/github.com\/1ncendium",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/1ncendium\/CVE-2024-4040",
"description": "A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server. ",
"fork": false,
"created_at": "2024-05-13T17:33:36Z",
"updated_at": "2024-05-13T17:33:41Z",
"pushed_at": "2024-05-13T17:33:37Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 1
},
{
"id": 821345624,
"name": "CVE-2024-4040",
"full_name": "olebris\/CVE-2024-4040",
"owner": {
"login": "olebris",
"id": 78493240,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/78493240?v=4",
"html_url": "https:\/\/github.com\/olebris",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/olebris\/CVE-2024-4040",
"description": "CVE-2024-4040 PoC",
"fork": false,
"created_at": "2024-06-28T10:32:51Z",
"updated_at": "2024-06-28T11:50:56Z",
"pushed_at": "2024-06-28T10:33:06Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 1
},
{
"id": 824427234,
"name": "CVE-2024-4040",
"full_name": "entroychang\/CVE-2024-4040",
"owner": {
"login": "entroychang",
"id": 56551382,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/56551382?v=4",
"html_url": "https:\/\/github.com\/entroychang",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/entroychang\/CVE-2024-4040",
"description": "CVE-2024-4040 PoC",
"fork": false,
"created_at": "2024-07-05T05:46:56Z",
"updated_at": "2025-04-22T04:05:35Z",
"pushed_at": "2024-07-09T09:48:17Z",
"stargazers_count": 3,
"watchers_count": 3,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [
"cve",
"cve-2024-4040",
"exploit"
],
"visibility": "public",
"forks": 1,
"watchers": 3,
"score": 0,
"subscribers_count": 1
},
{
"id": 859098985,
"name": "CrushFTP-cve-2024-4040-poc",
"full_name": "safeer-accuknox\/CrushFTP-cve-2024-4040-poc",
"owner": {
"login": "safeer-accuknox",
"id": 180378107,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/180378107?v=4",
"html_url": "https:\/\/github.com\/safeer-accuknox",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/safeer-accuknox\/CrushFTP-cve-2024-4040-poc",
"description": null,
"fork": false,
"created_at": "2024-09-18T04:45:54Z",
"updated_at": "2024-10-16T07:21:52Z",
"pushed_at": "2024-10-16T07:21:48Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 1
},
{
"id": 865497094,
"name": "GenCrushSSTIExploit",
"full_name": "geniuszly\/GenCrushSSTIExploit",
"owner": {
"login": "geniuszly",
"id": 137893386,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/137893386?v=4",
"html_url": "https:\/\/github.com\/geniuszly",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/geniuszly\/GenCrushSSTIExploit",
"description": "is a PoC for CVE-2024-4040 tool for exploiting the SSTI vulnerability in CrushFTP",
"fork": false,
"created_at": "2024-09-30T16:18:07Z",
"updated_at": "2025-03-18T17:59:36Z",
"pushed_at": "2024-09-30T16:19:24Z",
"stargazers_count": 8,
"watchers_count": 8,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [
"crush",
"crush-ssti",
"cve",
"cve-2024-4040",
"cybersecurity",
"ethical-hacking",
"exploit",
"exploit-development",
"gencrushsstiexploit",
"penetration-testing",
"security",
"server-side-template-injection",
"ssti",
"vulnerability",
"web-security"
],
"visibility": "public",
"forks": 1,
"watchers": 8,
"score": 0,
"subscribers_count": 1
},
{
"id": 877132815,
"name": "CVE-2024-4040",
"full_name": "rahisec\/CVE-2024-4040",
"owner": {
"login": "rahisec",
"id": 35906436,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/35906436?v=4",
"html_url": "https:\/\/github.com\/rahisec",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/rahisec\/CVE-2024-4040",
"description": null,
"fork": false,
"created_at": "2024-10-23T06:29:19Z",
"updated_at": "2024-10-23T06:31:12Z",
"pushed_at": "2024-10-23T06:31:09Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 1
},
{
"id": 1013828350,
"name": "CrushFTP-CVE-2024-4040-illdeed",
"full_name": "ill-deed\/CrushFTP-CVE-2024-4040-illdeed",
"owner": {
"login": "ill-deed",
"id": 210107232,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/210107232?v=4",
"html_url": "https:\/\/github.com\/ill-deed",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/ill-deed\/CrushFTP-CVE-2024-4040-illdeed",
"description": "Exploit for CVE-2024-4040 Authentication bypass in CrushFTP via CrushAuth cookie and AWS-style header spoofing. Stealthy Python PoC with secure token generation, SSL bypass, and improved output.",
"fork": false,
"created_at": "2025-07-04T14:30:16Z",
"updated_at": "2025-07-04T14:42:20Z",
"pushed_at": "2025-07-04T14:42:17Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
},
{
"id": 1090633656,
"name": "CrushFTP10-Docker-CVE-2024-4040",
"full_name": "juanorts\/CrushFTP10-Docker-CVE-2024-4040",
"owner": {
"login": "juanorts",
"id": 91051695,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/91051695?v=4",
"html_url": "https:\/\/github.com\/juanorts",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/juanorts\/CrushFTP10-Docker-CVE-2024-4040",
"description": "A Dockerized setup for running a vulnerable CrushFTP 10 server instance (CVE-2024-4040).",
"fork": false,
"created_at": "2025-11-05T23:43:18Z",
"updated_at": "2025-11-06T00:00:08Z",
"pushed_at": "2025-11-06T00:00:05Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]
Reference in a new issue View git blame Copy permalink