CVE-2025-31161

This PoC exploits an authentication bypass vulnerability (CVE-2025-31161) in CrushFTP to create a new admin-level user account. It sends crafted HTTP requests with specific headers and payloads to bypass authentication and create the user.

The repository contains a functional exploit PoC for CVE-2025-31161, targeting CrushFTP with an authentication bypass vulnerability. The script demonstrates command execution via session manipulation and shell command injection.

This Python script exploits CVE-2025-31161 (and CVE-2025-2825) in CrushFTP by sending crafted XML payloads to create a new user with elevated privileges via an authentication bypass. It supports both single-target and mass exploitation with threading.

This Python exploit targets CVE-2025-31161, an authentication bypass vulnerability in CrushFTP that allows unauthenticated user account creation via crafted XML payloads sent to the WebInterface. The PoC sends a POST request with a malicious XML payload to create a new user account.

The repository contains functional exploit code for CVE-2025-31161, demonstrating an authentication bypass vulnerability. The exploit creates a new user with arbitrary credentials by sending crafted XML payloads to the target server.

This repository contains a Python-based exploit tool for CVE-2025-31161, an authentication bypass vulnerability in CrushFTP versions 9.3.8 through 9.3.12.5. The tool automates version detection, credential testing, and exploitation via manipulated HTTP Authorization headers (Bearer/Basic Auth).

This is a Python-based exploit for CVE-2025-31161, targeting CrushFTP versions before 10.8.4 and 11.3.1. It exploits an authentication bypass via a race condition and header parsing flaw in the AWS4-HMAC mechanism, allowing unauthenticated access and potential admin takeover.

This exploit automates the creation of an admin user in CrushFTP by forging a valid CrushAuth token, leveraging an authentication bypass vulnerability (CVE-2025-31161). It crafts a dynamic token and sends a malicious XML payload to create a privileged user.

The repository contains functional exploit code for multiple CVEs, including authentication bypass vulnerabilities in TOTOLINK devices and a scanner for Fortinet SSL VPN (CVE-2024-21762). The PoCs demonstrate the vulnerabilities with clear technical details and HTTP request formats.

This PoC exploits CVE-2025-31161 in CrushFTP by creating an admin user, enabling a plugin for command execution, and restarting the server to achieve remote code execution (RCE). The exploit leverages authentication bypass and plugin manipulation to execute arbitrary commands.

This Python script exploits CVE-2025-31161 in CrushFTP to list existing users and create a new malicious user with elevated permissions. It uses crafted HTTP requests with specific headers and XML payloads to interact with the vulnerable service.

This Nuclei template detects the CrushFTP authentication bypass vulnerability (CVE-2025-2825) by sending crafted HTTP requests with manipulated cookies and headers to check for unauthorized access to user lists.

This repository contains a functional Go exploit for CVE-2025-31161, an authentication bypass vulnerability in CrushFTP versions 10.x and 11.x. The exploit leverages malformed AWS4-HMAC-SHA256 headers and fake session cookies to bypass authentication and create a new admin user.

This PoC exploits CVE-2025-31161, an authentication bypass vulnerability in CrushFTP, to create a new admin-level user account. It sends crafted HTTP requests with specific headers and XML payloads to bypass authentication and create the user.

This repository contains a Python-based scanner for detecting CVE-2025-31161, an authentication bypass vulnerability in CrushFTP servers. The tool tests for the vulnerability by manipulating HTTP Authorization headers and provides clear output indicating whether the target is vulnerable.

This repository contains a functional PoC for CVE-2025-31161, an authentication bypass vulnerability in CrushFTP's web interface. It includes Go and Bash implementations to detect vulnerability, enumerate users, and create unauthorized accounts via crafted HTTP requests.

This Python script exploits CVE-2025-31161, an authentication bypass vulnerability in CrushFTP, by manipulating CrushAuth and AWS4-HMAC-SHA256 headers to retrieve user lists from the getUserList API endpoint.

The repository contains only a README.md file describing CVE-2025-31161 as an authentication bypass vulnerability in CrushFTP server. No exploit code or technical details are provided.

This repository contains a functional exploit for CVE-2025-31161, an authentication bypass vulnerability in CrushFTP. The exploit leverages a logic error in AWS4-HMAC header parsing to trigger an IndexOutOfBounds exception, allowing session hijacking and administrative account creation.

This script scans for the presence of the string 'crushadmin' in HTTP responses from a target URL or list of URLs, indicating potential exposure of CVE-2025-31161. It uses multi-threading to check multiple targets efficiently.

This exploit leverages a race condition and header parsing flaw in CrushFTP's AWS4-HMAC authorization mechanism to bypass authentication and achieve admin access. It includes functionality for target management, vulnerability scanning, and exploitation.

This repository contains a functional Python script that exploits CVE-2025-31161 in CrushFTP to list existing users and create a malicious user with elevated permissions. The exploit leverages improper authentication handling in the CrushFTP WebInterface.