漏洞平台

POC详情： 1667be48be0c208808fee5dc66a9c54a3622a594

来源

https://github.com/0xgh057r3c0n/CVE-2025-31161

关联漏洞

标题： CrushFTP 安全漏洞 (CVE-2025-31161)
描述：CrushFTP是CrushFTP公司的一款文件传输服务器。 CrushFTP 10.8.4之前的10.x本和11.3.1之前的11.x版本存在安全漏洞，该漏洞源于认证绕过漏洞，可能导致账户接管。

描述

🛡️ CVE-2025-31161 - CrushFTP User Creation Authentication Bypass Exploit

介绍

# CVE-2025-31161 - CrushFTP User Creation Authentication Bypass Exploit

![CrushFTP Logo](https://www.crushftp.com/assets/img/logo/logo.png)

## 📌 Description

This Python exploit targets **CrushFTP** servers vulnerable to **CVE-2025-31161**. The vulnerability allows **unauthenticated user account creation** by sending a crafted XML payload to the WebInterface, potentially resulting in full server compromise.

---

## ⚠️ Disclaimer

> **This tool is intended for educational and authorized security testing only.**  
> Unauthorized use against systems you do not own or have explicit permission to test is **illegal** and unethical.

---

## 🧰 Requirements

- Python 3
- pip3
- Python modules:
  - `requests`
  - `colorama`

### ✅ Install Python3 and pip3

**Debian/Ubuntu:**

```bash
sudo apt update
sudo apt install python3 python3-pip -y
````

**CentOS/RHEL:**

```bash
sudo yum install python3 python3-pip -y
```

**macOS (with Homebrew):**

```bash
brew install python3
```

### ✅ Install Python dependencies

```bash
pip3 install requests colorama
```

---

## 🔧 Usage

```bash
python3 CVE-2025-31161.py --target_host <TARGET_IP> [--port <PORT>] [--target_user <ADMIN>] [--new_user <USERNAME>] [--password <PASSWORD>]
```

### 🔍 Example

```bash
python3 CVE-2025-31161.py --target_host 192.168.1.100 --new_user backdoor --password P@ssw0rd!
```

---

## 🧪 Command-Line Options

| Argument        | Description                           | Default Value               |
| --------------- | ------------------------------------- | --------------------------- |
| `--target_host` | **(Required)** IP or domain of target | —                           |
| `--port`        | Port of CrushFTP WebInterface         | `8080`                      |
| `--target_user` | Admin username (used in payload)      | `crushadmin`                |
| `--new_user`    | Username for new unauthorized account | `AuthBypassAccount`         |
| `--password`    | Password for the new user             | `CorrectHorseBatteryStaple` |

---

## 🖥️ Sample Output

```
[+] Preparing Payloads
  [-] Warming up the target...
  [-] Target is up and running
[+] Sending Account Create Request
  [!] User created successfully!

[+] Exploit Complete! You can now login with:
   [*] Username: AuthBypassAccount
   [*] Password: CorrectHorseBatteryStaple
```

---

## 👨‍💻 Author

**Gaurav Bhattacharjee** (`G4UR4V007`)

---

## 📄 License

This project is licensed under the [MIT License](https://github.com/0xgh057r3c0n/CVE-2025-31161/blob/main/LICENSE).
---

文件快照


 [4.0K]  /data/pocs/1667be48be0c208808fee5dc66a9c54a3622a594
├── [5.5K]  CVE-2025-31161.py
├── [2.5K]  CVE-2025-31161.yaml
├── [1.1K]  LICENSE
└── [2.5K]  README.md

0 directories, 4 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。