CVE-2025-31161 – CrushFTP Authentication Bypass Exploit This Python script exploits CVE-2025-31161, an authentication bypass vulnerability in CrushFTP, allowing unauthenticated attackers to retrieve the user list from the getUserList API endpoint. Features Authentication bypass via CrushAuth and AWS4-HMAC-SHA256 headers Retrieve and display usernames (-l option) Save full XML output to a file (-o option) Optional proxy support Usage bash python3 cve_2025_31161_auth_bypass.py -u "https://target:8080/" Options: | Argument | Description | | —————- | ——————————————————————— | | -u, –url | Target CrushFTP URL (required) | | –proxy | Optional proxy (e.g., https://127.0.0.1:8080) | | -l, –list | Display usernames only (clean output) | | -o, –output | Save the XML response to a file | Example bash python3 cve_2025_31161_auth_bypass.py -u "https://target:8443" –proxy https://127.0.0.1:8080 -o output.xml Request/Response ⚠️ Disclaimer This exploit is for educational and authorized testing only. Unauthorized use is illegal. Official Channels YouTube @rootctf X…Read More