CrushFTP Vulnerability scope

CrushFTP is a proprietary multi-protocol, multi-platform file transfer server originally developed in 1999. CrushFTP is shareware with a tiered pricing model. It is targeted at home users on up to enterprise users

CrushFTP supports FTP, FTPS, SFTP, HTTP, HTTPS, WebDAV and WebDAV SSL. Additionally, although not a protocol, it has both AJAX/HTML5 and Java applet web interfaces for end users to manage their files from a web browser.

One of the more powerful areas of CrushFTP is the WebInterface. It allows for simple file transfers for users with only the use of a web browser. All major browsers are supported. You can customize the colors, logos, styles, and with your own custom javascript, you can change virtually any other aspect too.

Researching CrushFTP and want to get the highest payout for your research?


We are currently looking for Pre auth RCE vulnerabilities in CrushFTP.

Click the button below and let’s discuss further!