CVE-2024-4040 PoC — Unauthenticated arbitrary file read and remote code execution in CrushFTP

Associated Vulnerability
Title: Unauthenticated arbitrary file read and remote code execution in CrushFTP (CVE-2024-4040)
Description: A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
Description
Exploit for CVE-2024-4040 affecting CrushFTP server in all versions before 10.7.1 and 11.1.0 on all platforms
Readme
# CVE-2024-4040-CrushFTP-server

CrushFTP is a proprietary multi-protocol, multi-platform file transfer server.

**CVE-2024-4040** - A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read any files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server. 

Affected versions: CrushFTP versions before 10.7.1 and 11.1.0

**Usage:** python3 exploit.py -u -p

**Usage example:** python3 exploit.py -u http://127.0.0.1 -p 8080

**Disclaimer: This exploit is to be used only for educational and authorized testing purposes. Illegal/unauthorized use of this exploit is prohibited.**

**References:**

- https://nvd.nist.gov/vuln/detail/CVE-2024-4040
- https://www.rapid7.com/blog/post/2024/04/23/etr-unauthenticated-crushftp-zero-day-enables-complete-server-compromise/
- https://www.bleepingcomputer.com/news/security/crushftp-warns-users-to-patch-exploited-zero-day-immediately/