Create CrushFTP_as2-to_Authentication_Permission_bypass_Vulnerability.md

2025-06-20 09:50:49 +00:00 · 2023-11-30 23:42:03 +08:00 · 2023-11-30 23:42:03 +08:00 · 31e28ade0e
commit 31e28ade0e
parent 98f2d80fd1
1 changed files with 12 additions and 0 deletions
--- a/CrushFTP_as2-to_Authentication_Permission_bypass_Vulnerability.md
+++ b/CrushFTP_as2-to_Authentication_Permission_bypass_Vulnerability.md
@ -0,0 +1,12 @@
+## CrushFTP as2-to Authentication Permission bypass Vulnerability (CVE-2023-43177)
+
+|   **Vulnerability**  | 	CrushFTP as2-to Authentication Permission bypass Vulnerability (CVE-2023-43177)  |
+| :----:   | :-----|
+|  **Chinese name**  | CrushFTP as2-to 认证权限绕过漏洞（CVE-2023-43177） |
+| **CVSS core**  | 9.8 |
+| **FOFA Query**  (click to view the results directly)| [app="crushftp-WebInterface""](https://en.fofa.info/result?qbase64=c2VydmVyPSJDcnVzaEZUUCIgfHwgaGVhZGVyPSIvV2ViSW50ZXJmYWNlL2xvZ2luLmh0bWwiIHx8IGJhbm5lcj0iL1dlYkludGVyZmFjZS9sb2dpbi5odG1sIiB8fCBoZWFkZXI9Ii9XZWJJbnRlcmZhY2UvdzNjL3AzcC54bWwiIHx8IGJhbm5lcj0iL1dlYkludGVyZmFjZS93M2MvcDNwLnhtbCIgfHwgdGl0bGU9IkNydXNoRlRQIg%3D%3D) |
+| **Number of assets affected**  | 	38695 |
+| **Description**  | CrushFTP is a powerful file transfer server suitable for secure and efficient file transfer and management for individual or enterprise users.CrashFTP has a permission bypass vulnerability, where attackers can bypass system permission control by constructing malicious as2 to request authentication, achieving arbitrary execution of malicious operations such as file read and delete. |
+| **Impact** | CrashFTP has a permission bypass vulnerability, where attackers can bypass system permission control by constructing malicious as2 to request authentication, achieving arbitrary execution of malicious operations such as file read and delete. |
+
+![](https://s3.bmp.ovh/imgs/2023/11/30/8d49b65293d87b3a.gif)