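PoC details: 08fb33af78e3c8ab6af7f820e93850e3fae9728b

Source
Related vulnerability
Title: CrushFTP security vulnerability (CVE-2025-31161)
Description: CrushFTP is a file transfer server from the CrushFTP company. CrushFTP 10.x versions before 10.8.4 and 11.x versions before 11.3.1 contain a security vulnerability: an authentication bypass that may lead to account takeover.
Description
CrushFTP CVE-2025-31161 Exploit Tool 🔓
Introduction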
# CrushFTP CVE-2025-31161 Exploit Tool 🔓
**Advanced detection and exploitation tool for CVE-2025-31161 vulnerability in vulnerable CrushFTP versions.**
-----


`CVE-2025-31161` is a critical authentication bypass vulnerability in the CrushFTP Web Interface. By manipulating the HTTP Authorization header, an unauthenticated attacker can gain full access under any valid username without supplying the correct password.

## Affected Versions

- CrushFTP 9.3.8
- CrushFTP 9.3.9
- CrushFTP 9.3.10
- CrushFTP 9.3.11
- CrushFTP 9.3.12
- CrushFTP Enterprise versions before 9.3.12.5
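
For patch triage, the following added example (not part of `tx-crush.py` or this repository) classifies server banners against the fixed releases named in the advisory description at the top of this page, 10.8.4 and 11.3.1. The banner shape follows the `server_version` field in the sample output; the `_build` suffix handling, the host names and the status labels are assumptions made for illustration.

```python
import re

# Fixed releases taken from the advisory description on this page:
# 10.x before 10.8.4 and 11.x before 11.3.1 are affected.
FIXED = {10: (10, 8, 4), 11: (11, 3, 1)}

# Banner shape as in the sample output on this page ("CrushFTP/9.3.12").
# Accepting a "_build" suffix is an assumption for illustration.
BANNER_RE = re.compile(r"CrushFTP[/ ]v?(\d+(?:[._]\d+)*)", re.IGNORECASE)


def parse_version(banner):
    """Return the version as a tuple of ints, or None if no version is present."""
    m = BANNER_RE.search(banner or "")
    return tuple(int(p) for p in re.split(r"[._]", m.group(1))) if m else None


def classify(banner):
    """Return 'affected', 'patched', 'review' or 'unparsed' for one banner."""
    v = parse_version(banner)
    if v is None:
        return "unparsed"
    fixed = FIXED.get(v[0])
    # Branches the advisory text does not cover (the README lists 9.3.x) and
    # banners too coarse to compare (e.g. "CrushFTP/11") need a manual check.
    if fixed is None or len(v) < 3:
        return "review"
    width = max(len(v), len(fixed))
    pad = lambda t: t + (0,) * (width - len(t))
    return "affected" if pad(v) < pad(fixed) else "patched"


def triage(inventory):
    """Group hosts by status; inventory maps host name -> Server banner."""
    groups = {}
    for host, banner in inventory.items():
        groups.setdefault(classify(banner), []).append(host)
    return {status: sorted(hosts) for status, hosts in groups.items()}


# Constructed inventory with placeholder host names, not real systems.
SAMPLE = {
    "ftp-a.example.internal": "CrushFTP/10.8.3",
    "ftp-b.example.internal": "CrushFTP/11.3.1_5",
    "ftp-c.example.internal": "CrushFTP/9.3.12",
    "ftp-d.example.internal": "CrushFTP HTTP Server",
}

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE).items()):
        print(f"{status:9} {', '.join(hosts)}")
```

Hosts reported as `review` or `unparsed` need their version confirmed from the server itself, since a banner can be missing, truncated or rewritten by a proxy.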


## Key Features 🚀

- Automatic CrushFTP version detection and vulnerability verification
- Multi-threaded credential testing for rapid user enumeration
- Dual authentication method support (Bearer Token & Basic Auth)
- JSON report generation with session cookies
- Smart connection retry mechanisms with custom configurations
- Colorized console output with detailed logging
- Vulnerable version coverage:
  - 9.3.8 through 9.3.12.5

## Requirements 📋

- Python 3.8+
- Required packages:
  ```bash
  pip install requests colorama urllib3
  ```

## Installation 🛠️

1. Install dependencies:
   ```bash
   pip install requests colorama urllib3
   ```
2. Clone repository:
   ```bash
   git clone https://github.com/TX-One/CVE-2025-31161.git
   cd CVE-2025-31161
   python3 tx-crush.py -h
   ```

## Usage 🖥️

### Basic Command:
```bash
python3 tx-crush.py -t https://target:8080 -u users.txt -o results.json
```
### Options:
```
  -h, --help            show this help message and exit
  -t, --target TARGET   Target URL (e.g., https://example.com:8080)
  -u, --users USERS     File containing username list
  -o, --output OUTPUT   Output JSON file
  -T, --threads THREADS
                        Number of threads (default: 5)
  --no-ssl              Disable SSL verification
  --timeout TIMEOUT     Request timeout (default: 15)
  --retries RETRIES     Number of retries (default: 3)
  --force               Bypass version check
```
### Advanced Example:
```bash
python3 tx-crush.py \
  -t https://vulnerable-server.com:8000 \
  -u ./wordlists/common_users.txt \
  -o ./results/compromised.json \
  -T 10 \
  --retries 5 \
  --timeout 20
```

## Output Sample 📄

```json
[
  {
    "target": "https://victim:8080",
    "user": "admin",
    "success": true,
    "method": "Bearer",
    "cookies": {"sessionID": "a1b2c3..."},
    "server_version": "CrushFTP/9.3.12"
  }
]
```
```json
[
  {
    "target": "http://victim:8080",
    "user": "admin",
    "success": false
  }
]
```
**Disclaimer:** This project is for educational and security research purposes only. Responsible usage required.
File snapshot

```
[4.0K] /data/pocs/08fb33af78e3c8ab6af7f820e93850e3fae9728b
├── [4.0K] img
│   └── [ 32K] crushftp_banner.png
├── [2.6K] README.md
└── [8.8K] tx-crush.py

1 directory, 3 files
```