Share
## https://sploitus.com/exploit?id=6526EB29-075D-54A5-A2BB-240329A5B7F0
# CVE-2025-31161 - CrushFTP Authentication Bypass Exploit
> PoC CVE-2025-31161 - Authentication Bypass CrushFTP

---

## ๐Ÿ“Œ CVE Details

- **ID**: CVE-2025-31161  
- **Type**: Authentication Bypass  
- **Vendor**: CrushFTP  
- **Impact**: Allows unauthenticated attackers to forge a valid `CrushAuth` token and create a fully privileged admin user.
- **More Info**: [NVD Entry (when available)](https://nvd.nist.gov/vuln/detail/CVE-2025-31161)

---

## โš™๏ธ Description

This exploit targets a critical vulnerability in **CrushFTP**, allowing remote unauthenticated attackers to **bypass authentication** and **create arbitrary admin users**.

It works by crafting a valid-looking `CrushAuth` token and abusing the `/WebInterface/function/` endpoint to submit a fully-formed XML payload.

---

## ๐Ÿš€ Usage

### ๐Ÿ”ง Requirements

- `curl`
- `shuf`

### Instalation

```bash
git clone https://github.com/f4dee-backup/CVE-2025-31161
```
``bash
cd CVE-2025-31161
```
```bash
chmod +x CVE-2025-31161.sh
```
### Help Panel:
```
./CVE-2025-31161.sh --url  --port  --target-user  --new-user  --new-password 

[?] Parameters description:

	--url            Target base URL (e.g., http://target)
	--port           Port where CrushFTP is running
	--target-user    Valid or invalid username (e.g., crushadmin)
	--new-user       Username to be created (e.g., Pwn3d)
	--new-password   Password for the new user
	--help           Show this help panel

[i] Example: bash ./cve_official.sh --url http://target.com --port 80 --target-user crushadmin --new-user evilUser --new-password pass12345
```