PoC details: 89eefce71078dbd7ff09d2122df8192a7fe46f7f

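Source
Related vulnerability
Title: CrushFTP code injection vulnerability (CVE-2024-4040)
Description: CrushFTP is a file transfer server. CrushFTP versions before 10.7.1 and 11.1.0 contain a security vulnerability that allows low-privileged remote attackers to read files from the file system outside the VFS sandbox.
Description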
Exploit for CVE-2024-4040 – Authentication bypass in CrushFTP via CrushAuth cookie and AWS-style header spoofing. Stealthy Python PoC with secure token generation, SSL bypass, and improved output.
Introduction
# CVE-2024-4040 — CrushFTP Authentication Bypass Exploit

This repository contains a stealthy Python proof-of-concept (PoC) exploit for **CVE-2024-4040**, a critical vulnerability in CrushFTP (v10 and below) that allows an attacker to bypass authentication using a forged `CrushAuth` cookie and AWS-style `Authorization` header.

## 🚨 Vulnerability Summary

> An unauthenticated attacker can bypass authentication in vulnerable CrushFTP instances by crafting a specific cookie/header combination, gaining unauthorized access to internal web functions.

- **CVE ID**: [CVE-2024-4040](https://nvd.nist.gov/vuln/detail/CVE-2024-4040)
- **Severity**: Critical (CVSS 9.8)
- **Affected**: CrushFTP v10.x (prior to official patch)

---

## ⚙️ Features

- ✅ Python 3.x PoC
- ✅ Secure `CrushAuth` generation using `secrets`
- ✅ Valid AWS-style spoofed `Authorization` header
- ✅ Built-in SSL bypass with suppression
- ✅ No external dependencies (only `requests`)
- ✅ Clean console output with status and detection

---

## 🛠 Usage

```bash
python3 CVE-2024-4040.py http://target-ip:8080 --valid_username crushadmin
```

`target_url` — Base URL of the CrushFTP server

`--valid_username` — Known valid user (default: crushadmin)

---

## 🔍 Example Output

```
[*] CrushFTP Authentication Bypass Exploit
[*] Targeting: http://192.168.1.10:8080
[*] Using username: crushadmin

[+] Exploit Result:

Status_Code    : 200
Response_Text  : {"getUserNameResponse":{"user_name":"crushadmin"}}

[+] CrushFTP Server is VULNERABLE!
```

---

## ⚠️ Legal Notice

This code is for educational and authorized security testing purposes only.
Do not use against systems you do not own or have explicit permission to test.


---

## 🙏 Credits

PoC Refactor: illdeed
File snapshot

[4.0K] /data/pocs/89eefce71078dbd7ff09d2122df8192a7fe46f7f
├── [3.2K] CVE-2024-4040.py
├── [1.0K] LICENSE
└── [1.7K] README.md

0 directories, 3 files