Hello.
I would like to start implementing a plugin to detect CVE-2023-43177. This vulnerability should be relatively new and has been patched.
https://nvd.nist.gov/vuln/detail/CVE-2023-43177
https://convergetp.com/2023/11/16/crushftp-zero-day-cve-2023-43177-discovered/
The vulnerability has been assigned a CVE ID: CVE-2023-43177.
CrushFTP is a powerful File Transfer Protocol (FTP) server software designed to provide enterprises with secure and reliable file transfer solutions.
CrushFTP vulnerability
The principle is that the program implements an anonymous access mechanism, and the parameters of the current session can be polluted through the header, resulting in some unexpected operations. Successful exploitation can execute arbitrary code.
The vulnerability can be exploited remotely without authentication and user interaction.
CrushFTP affected versions are less than 10.5.1.
The vulnerability can be verified using the docker image.
Please let me know if this is in scope to start with its development.