Related vulnerability
Introduction
# CVE-2025-47812 – Wing FTP Server RCE Exploit
**Exploit Title:** Wing FTP Server < 7.4.4 Remote Code Execution via Lua Injection
**CVE:** [CVE-2025-47812](https://nvd.nist.gov/vuln/detail/CVE-2025-47812)
**Tested on:** Wing FTP Server v7.3.x (Windows/Linux)
**Impact:** Remote Code Execution (RCE) as SYSTEM/root
**Severity:** Critical
---
## Description
A vulnerability in Wing FTP Server's handling of `\0` (null byte) in login input allows an attacker to **inject arbitrary Lua code** into session files via the user or admin web interface. This can be leveraged to execute system commands on the underlying OS.
- Works **unauthenticated** if anonymous login is enabled.
- Lua injection is triggered via the `username` parameter.
- Command output is extracted from `dir.html` using leaked `UID`.
---
## Features
- Remote command execution
- Interactive shell (`-i`)
- Anonymous access support
- Proxy support (`--proxy`)
- Custom credentials
- Clean, readable output
---
## Usage
```bash
python3 wingftp_cve_2025_47812.py [-h] [-u URL] [--list LIST] [-c COMMAND] [-U USERNAME] [-P PASSWORD] [--proxy PROXY] [-v] [-i]
```
### Example:
```bash
python3 wingftp_cve_2025_47812.py -u "http://192.168.1.10" -c "whoami" -U anonymous -P password --proxy "http://127.0.0.1:8080" -v -i
```
---
## Request/Response
[Screenshots: request and response captures (Screenshot_2025-07-27_16_33_07, Screenshot_2025-07-27_16_33_21)]
## ⚠️ Disclaimer
This exploit script is provided for educational purposes and authorized testing only.
Usage against systems without explicit permission is illegal and unethical.
## Official Channels
- [YouTube @rootctf](https://www.youtube.com/@rootctf)
- [X @r0otk3r](https://x.com/r0otk3r)
File snapshot
[4.0K] /data/pocs/98035b7bd86403a073795b8a535f06a7905c7e15
├── [2.1K] README.md
└── [6.2K] wingftp_cve_2025_47812.py
0 directories, 2 files
Notes
1. We recommend accessing the PoC through its original source first.
2. If the source is no longer available or cannot be reached, send an email to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.