Closed postmodern closed 2 months ago
Ended up adapting the Dockerfile:

```dockerfile
FROM ubuntu:latest
WORKDIR /var/opt
# Install a headless JRE, then download and unpack the CrushFTP 10 archive
RUN apt-get update -qq && \
    apt-get install -qq -y unzip wget openjdk-17-jre-headless && \
    wget -q https://github.com/the-emmons/CVE-2023-43177/releases/download/crushftp_software/CrushFTP10.zip && \
    unzip CrushFTP10.zip
EXPOSE 21
EXPOSE 8080
EXPOSE 443
EXPOSE 2222
WORKDIR /var/opt/CrushFTP10
# Start the server from the unpacked directory with a 1 GiB max heap
CMD java -Xmx1024m -jar CrushFTP.jar -d
```
```shell
$ docker build -t vuln-crushftp .
$ docker run -p 2121:21 -p 4443:443 -p 8080:8080 -p 9090:9090 -p 2222:2222 vuln-crushftp
```
Add a PoC exploit for CVE-2024-4040, an unauthenticated server-side template injection (SSTI) vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0.
Reference PoCs
Vuln App
How to Submit a PoC
See the CONTRIBUTING file for instructions on how to submit a PoC exploit.