Related vulnerability

Description
Scans target to see if it's vulnerable to CVE-2025-31161

Introduction

# CVE-2025-31161 CrushFTP Authentication Bypass Scanner
A Python tool to detect and test for the CVE-2025-31161 vulnerability in CrushFTP servers.
## 📖 Description
This script tests for the authentication bypass vulnerability (CVE-2025-31161) in CrushFTP servers that allows remote attackers to authenticate without valid credentials through HTTP Authorization header manipulation.
## ✨ Features
- 🔍 Interactive target input (IP and port)
- 🎯 Multiple exploitation payload testing
- 📊 Automatic vulnerability detection
- 🎨 Clear visual indicators with emojis
- 📋 Comprehensive results reporting
- ⚡ Easy to use with no complex configuration
## 🚀  Basic Usage
```bash
python3 CVE-2025-31161.py
```
## Installation
```bash
git clone https://github.com/yourusername/CVE-2025-31161.py
cd CVE-2025-31161.py
pip3 install -r requirements.txt
```
## Example Session
```text
$ python3 CVE-2025-31161.py
🔍 CrushFTP CVE-2025-31161 Authentication Bypass Tester
==================================================
Enter target IP address: 192.168.1.100
Enter target port [8080]: 8080
🎯 Target: http://192.168.1.100:8080
🚀 Starting vulnerability scan...
==================================================
📡 Testing: /WebInterface/
🔑 Payload: 'A'
📊 Status: 200
🎉 VULNERABILITY CONFIRMED
💡 200 OK with content: dashboard, main
✅ Working payload: 'A'
📋 SCAN RESULTS
==================================================
🎯 Target: 192.168.1.100:8080
🔴 VULNERABILITY STATUS: VULNERABLE
💥 CVE-2025-31161 Authentication Bypass CONFIRMED
✅ Working payloads:
1. A -> /WebInterface/
==================================================
```
### Legal Disclaimer  
This tool is for educational and authorized testing purposes only. Only use on systems you own or have explicit permission to test.
        
        File snapshot
        
            
                
 [4.0K]  /data/pocs/11bbe92a7841b629ba740ed2915dd3cbdac53f8c
├── [1.0K]  LICENSE
├── [1.9K]  README.md
└── [  33]  requirements.txt
0 directories, 3 files
                
             
         