CVE-2025-31161 PoC — CrushFTP 安全漏洞

Source

Associated Vulnerability

Description

PoC CVE-2025-31161 - Authentication Bypass CrushFTP

Readme

# CVE-2025-31161 - CrushFTP Authentication Bypass Exploit
> PoC CVE-2025-31161 - Authentication Bypass CrushFTP

---

## 📌 CVE Details

- **ID**: CVE-2025-31161  
- **Type**: Authentication Bypass  
- **Vendor**: CrushFTP  
- **Impact**: Allows unauthenticated attackers to forge a valid `CrushAuth` token and create a fully privileged admin user.
- **More Info**: [NVD Entry (when available)](https://nvd.nist.gov/vuln/detail/CVE-2025-31161)

---

## ⚙️ Description

This exploit targets a critical vulnerability in **CrushFTP**, allowing remote unauthenticated attackers to **bypass authentication** and **create arbitrary admin users**.

It works by crafting a valid-looking `CrushAuth` token and abusing the `/WebInterface/function/` endpoint to submit a fully-formed XML payload.

---

## 🚀 Usage

### 🔧 Requirements

- `curl`
- `shuf`

### Instalation

```bash
git clone https://github.com/f4dee-backup/CVE-2025-31161
```
```bash
cd CVE-2025-31161
```
```bash
chmod +x CVE-2025-31161.sh
```
### Help Panel:
```
./CVE-2025-31161.sh --help

[?] Parameters description:

	--url            Target base URL (e.g., http://target)
	--port           Port where CrushFTP is running
	--target-user    Valid or invalid username (e.g., crushadmin)
	--new-user       Username to be created (e.g., Pwn3d)
	--new-password   Password for the new user
	--help           Show this help panel

[i] Example: bash ./cve_official.sh --url http://target.com --port 80 --target-user crushadmin --new-user evilUser --new-password pass12345
```

File Snapshot

 [4.0K]  /data/pocs/28d6aae82e7dadd9b3698506b086317d30e9f506
├── [6.7K]  CVE-2025-31161.sh
├── [1.0K]  LICENSE
├── [1.5K]  README.md
└── [  30]  requirements.txt

0 directories, 4 files

Remarks