漏洞描述
CrushFTP anonymous login was discovered: the web interface accepts a session as the `anonymous` user without any credentials being supplied.
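id: crushftp-anonymous-login

# Detection template: reports CrushFTP web interfaces where an unauthenticated
# session is resolved to the `anonymous` user.
#
# NOTE(review): the `# digest:` line at the end of the file is a signature over
# the template text as originally published. Any edit (including these
# comments) presumably invalidates it, so re-sign before relying on it.
info:
  name: CrushFTP - Anonymous Login
  author: pussycat0x
  severity: high
  description: |
    CrushFTP Anonymous login credentials were discovered.
  # Triage note: a match shows only that the session maps to `anonymous`.
  # It does not show what that account can read or write, so confirm the
  # account's permissions before rating the finding.
  remediation: |
    Disable anonymous access if it is not required, or restrict what the anonymous user can read and write.
  classification:
    cpe: cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    # Two raw requests are sent per target (see `http.raw` below).
    max-request: 2
    vendor: crushftp
    product: crushftp
    shodan-query: html:"CrushFTP"
  tags: default-logins,anonymous,crushftp,default-login,vuln

http:
  - raw:
      # Request 1: load the web interface so the server issues a session.
      # The `auth` extractor below reads `currentAuth` from this response's
      # headers (presumably a Set-Cookie header - confirm against a live
      # response).
      - |
        GET /WebInterface/ HTTP/1.1
        Host: {{Hostname}}

      # Request 2: ask the server which user the session belongs to, passing
      # the extracted token back in `c2f`. The blank line separating the
      # headers from the form body is required; without it the body would be
      # sent as a header line.
      - |
        POST /WebInterface/function/ HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        command=getUsername&random=0.4186510822713485&c2f={{auth}}

    # Both matchers must hit on the second response.
    matchers-condition: and
    matchers:
      # The session was resolved to the `anonymous` user.
      - type: word
        part: body_2
        words:
          - "<username>anonymous</username>"

      # The reply is the XML API response rather than an HTML page that
      # happens to contain the same string.
      - type: word
        part: header_2
        words:
          - "text/xml"

    extractors:
      # Internal extractor: the captured value only feeds `{{auth}}` in
      # request 2 and is not reported as a finding.
      - type: regex
        name: auth
        internal: true
        part: header_1
        group: 1
        regex:
          - 'currentAuth=([0-9a-zA-Z]+)'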
# digest: 4a0a00473045022100cc90246c1be7c6fb35237bc7d965de03e0f0ceb3cd7d7006baaceeba35d7791f02200bdb23ebfcd130844b0db7799fded2374f98489407af6f52f5c982376400f6e7:922c64590222798bb761d5b6d8e72950