CVE-2025-47812

This exploit leverages a NULL byte injection in the username parameter during login to inject Lua code into session files, which is executed when accessing authenticated functionalities, leading to unauthenticated RCE in Wing FTP Server <= 7.4.3.

This repository contains a functional Python exploit for CVE-2025-47812, targeting Wing FTP Server <= 7.4.3. The exploit leverages NULL byte injection in the username parameter to achieve unauthenticated remote code execution via Lua code injection in session files.

This repository contains a functional exploit for CVE-2025-47812, targeting Wing FTP Server versions 7.4.3 and earlier. The exploit leverages improper handling of NULL bytes in the username parameter to inject Lua code, enabling remote command execution and reverse shell establishment.

The repository contains a functional SQL injection exploit for WordPress Quiz Maker (CVE-2025-10042), demonstrating time-based blind SQLi via crafted HTTP headers. The exploit includes data extraction logic for admin credentials and password hashes.

The repository contains detailed technical writeups for multiple CVEs, including command injection, XXE, SQLi, and RCE vulnerabilities. Each writeup includes vulnerability descriptions, proof-of-concept examples, mitigation recommendations, and references to external resources.

This repository contains a functional exploit for CVE-2025-47812, targeting Wing FTP Server <= 7.4.3 via Lua injection in the login handler. The exploit allows remote command execution and includes options for both single commands and reverse shells.

This repository contains a functional Python exploit for CVE-2025-47812, targeting Wing FTP Server versions prior to 7.4.4. The exploit leverages a null byte injection in the username parameter to achieve unauthenticated remote code execution (RCE) via Lua code injection.

This repository contains a functional Python exploit for CVE-2025-47812, targeting Wing FTP Server < 7.4.4. The exploit leverages improper null byte handling in the login endpoint to inject Lua code into session files, enabling unauthenticated remote code execution.

This repository contains a functional exploit for CVE-2025-47812, targeting Wing FTP Server versions before 7.4.4. The exploit leverages a Lua injection vulnerability via null byte manipulation in the login input to achieve remote code execution (RCE).

The repository contains a simple C program that sends a basic HTTP GET request to a target IP but does not demonstrate exploitation of CVE-2025-47812. It lacks payload delivery or exploitation logic, functioning more as a network scanner.

This repository provides a technical analysis of CVE-2025-47812, a critical RCE vulnerability in Wing FTP Server via Lua injection. It includes a detailed report with static and dynamic analysis but does not contain exploit code.

This repository contains a functional Python exploit for CVE-2025-47812, targeting Wing FTP Server <= 7.4.3. The exploit leverages unauthenticated Lua code injection via crafted login requests to achieve remote code execution (RCE).

This repository contains a functional exploit for CVE-2025-47812, which leverages a NULL byte authentication bypass and Lua code injection in Wing FTP Server to achieve unauthenticated remote code execution. The exploit includes detailed technical analysis and a Python script to execute commands, spawn shells, or dump sensitive files.

This repository contains a functional Python exploit for CVE-2025-47812, demonstrating unauthenticated remote code execution in Wing FTP Server <= 7.4.3 via NULL byte injection in the username parameter, leading to Lua code execution in session files.

This repository contains a functional Python exploit for CVE-2025-47812, targeting Wing FTP Server < 7.4.4. The exploit leverages null byte injection in the login endpoint to achieve unauthenticated remote code execution via Lua code injection.

This script exploits an unauthenticated remote code execution vulnerability in Wing FTP Server 7.4.3 by injecting a Lua payload into the login request via the username parameter, then retrieving the command output via a crafted cookie. The exploit leverages a command injection flaw in the authentication mechanism.

This repository contains a Nuclei template for detecting Wing FTP Server versions vulnerable to CVE-2025-47812 by checking the version in the web client's HTML response. It does not include an exploit but scans for vulnerable versions.

The repository contains a functional exploit for CVE-2025-47812, targeting Wing FTP Server. The exploit leverages a null byte injection in the username parameter to execute arbitrary Lua code, leading to remote command execution.

This repository contains a functional Python exploit for CVE-2025-47812, targeting Wing FTP Server < 7.4.4. The exploit leverages improper handling of null bytes in the login form to inject Lua code into session files, enabling unauthenticated remote code execution (RCE).

This repository contains a functional exploit for CVE-2025-47812, which leverages improper input validation in Wing FTP Server to achieve unauthenticated remote code execution via NULL byte injection in usernames, leading to Lua payload execution in session files.

This repository contains a functional Python exploit for CVE-2025-47812, targeting Wing FTP Server. The exploit leverages a Lua injection vulnerability in the username parameter during authentication to achieve remote command execution (RCE).

This Metasploit module exploits a NULL-byte truncation vulnerability in Wing FTP Server (CVE-2025-47812) to bypass authentication and inject arbitrary Lua code, leading to remote code execution with root/SYSTEM privileges.

This Metasploit module exploits an authenticated command execution vulnerability in Wing FTP Server's admin web interface by leveraging the embedded Lua interpreter to execute arbitrary system commands via `os.execute()`. It supports both PowerShell and VBS-based payload delivery.