CrushFTP Authentication Bypass Vulnerability
漏洞信息
漏洞名称: CrushFTP Authentication Bypass Vulnerability
漏洞编号:
- CVE: CVE-2024-4040
漏洞类型: 权限绕过
漏洞等级: 严重
漏洞描述: CrushFTP是一款广泛使用的文件传输协议服务器软件,支持多种协议如FTP、SFTP、HTTP等,常用于企业环境中进行文件共享和数据传输。由于其功能强大且易于部署,CrushFTP在多个行业中有广泛的应用。此次发现的漏洞CVE-2024-4040影响CrushFTP v10及以下版本,属于认证绕过漏洞。攻击者可以通过伪造特定的CrushAuth cookie和AWS风格的Authorization头来绕过认证机制,无需有效凭证即可访问内部网络功能。这种漏洞的技术根源在于服务器未能正确验证用户提供的认证信息,导致攻击者可以构造恶意请求绕过安全检查。由于该漏洞允许未授权访问,攻击者可以利用此漏洞获取敏感信息、执行未授权操作或进一步渗透网络。更为严重的是,该漏洞的利用无需用户交互,可以被自动化工具利用,大大增加了其危害性。因此,该漏洞被评定为严重级别,建议所有使用受影响版本的用户立即更新到官方发布的最新版本以修复此漏洞。
产品厂商: CrushFTP
产品名称: CrushFTP
影响版本: v10.x (prior to official patch)
来源: https://github.com/ill-deed/CrushFTP-CVE-2024-4040-illdeed
类型: CVE-2024:github search
仓库文件
- CVE-2024-4040.py
- LICENSE
- README.md
来源概述
CVE-2024-4040 — CrushFTP Authentication Bypass Exploit
This repository contains a stealthy Python proof-of-concept (PoC) exploit for CVE-2024-4040, a critical vulnerability in CrushFTP (v10 and below) that allows an attacker to bypass authentication using a forged CrushAuth cookie and AWS-style Authorization header.
🚨 Vulnerability Summary
An unauthenticated attacker can bypass authentication in vulnerable CrushFTP instances by crafting a specific cookie/header combination, gaining unauthorized access to internal web functions.
- CVE ID: CVE-2024-4040
- Severity: Critical (CVSS 9.8)
- Affected: CrushFTP v10.x (prior to official patch)
⚙️ Features
- ✅ Python 3.x PoC
- ✅ Secure
CrushAuthgeneration usingsecrets - ✅ Valid AWS-style spoofed
Authorizationheader - ✅ Built-in SSL bypass with suppression
- ✅ No external dependencies (only
requests) - ✅ Clean console output with status and detection
🛠 Usage
1 | |
target_url — Base URL of the CrushFTP server
--valid_username — Known valid user (default: crushadmin)
🔍 Example Output
1 | |
⚠️ Legal Notice
This code is for educational and authorized security testing purposes only.
Do not use against systems you do not own or have explicit permission to test.
🙏 Credits
PoC Refactor: illdeed