Related vulnerability
Title: Melis Platform security vulnerability (CVE-2025-10352)
Description: Melis Platform is an open-source cross-framework digital platform published by Melis Platform. Melis Platform contains a security vulnerability that stems from the melis-core module: an unauthenticated attacker can create an administrator account by requesting /melis/MelisCore/ToolUser/addNewUser, which may lead to privilege escalation.
Description
Exploit for CVE-2025-10352. Admin account creation on Melis Platform Framework
Introduction
# CVE-2025-10352 POC - Admin Account Creation 🛠️
> POC for CVE-2025-10352: An unauthenticated endpoint in Melis Platform (melis-core) that allows creation of an administrator account via a crafted HTTP request to a specific admin endpoint.


---
## 🔗 References
- 📄 [CVE-2025-10352 on MITRE](https://www.cve.org/CVERecord?id=CVE-2025-10352)
- 📄 [Melis Platform Warning on INCIBE (Spanish National Cybersecurity Institute)](https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-melis-platform)
- 📄 PoC: `CVE-2025-10352-POC.txt` (raw HTTP request exported from Burp)
---
## 🚀 Description
This PoC targets an **unauthenticated administrative endpoint** in the `melis-core` module:
```
/melis/MelisCore/ToolUser/addNewUser
```
A remote unauthenticated attacker can submit a crafted request to this endpoint to create a new user with administrator privileges. Because the endpoint lacks proper authentication and authorization checks, the attacker gains persistent administrative access to the application.
**Impact includes:**
- Creation of persistent admin accounts.
- Full administrative takeover of the web application.
- Potential lateral movement, data exfiltration, and destructive actions.
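As an added defender-side example (not part of this PoC or of Melis Platform), the following Python flags access-log requests to the endpoint named above and tags the ones whose method and status match the success indicators this README lists; the log lines are constructed samples in Apache/Nginx combined format.

```python
# Added example (not part of the PoC): flag access-log requests to the
# unauthenticated admin-creation endpoint named in the CVE-2025-10352 advisory.
import re

VULN_PATH = "/melis/MelisCore/ToolUser/addNewUser"   # endpoint from the advisory
SUCCESS_CODES = {200, 201, 302}                     # success indicators the README lists

# Apache/Nginx combined format: ip ident user [ts] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})\b'
)

def parse_line(line):
    """Parse one combined-format line; return a field dict or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["status"] = int(ev["status"])
    ev["path"] = ev["path"].split("?", 1)[0]   # drop query string before matching
    return ev

def find_admin_creation_attempts(lines):
    """Return every parsed request to VULN_PATH, tagging probable successful creations.

    A non-POST or an error status is still reported: the endpoint should not be
    reachable by anonymous clients at all, so any hit deserves review.
    """
    hits = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["path"].lower() != VULN_PATH.lower():
            continue
        ev["likely_success"] = ev["method"] == "POST" and ev["status"] in SUCCESS_CODES
        hits.append(ev)
    return hits

# Constructed sample lines (documentation IPs, not from any real system).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2025:14:02:09 +0000] "GET /melis/MelisCore/ToolUser/addNewUser HTTP/1.1" 405 0 "-" "curl/8.4.0"',
    '203.0.113.7 - - [10/Oct/2025:14:02:11 +0000] "POST /melis/MelisCore/ToolUser/addNewUser HTTP/1.1" 200 87 "-" "curl/8.4.0"',
    '198.51.100.4 - - [10/Oct/2025:14:05:00 +0000] "GET /melis/login HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Oct/2025:14:05:30 +0000] "POST /melis/MelisCore/ToolUser/addNewUser?ajax=1 HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    'not a log line at all',
]

if __name__ == "__main__":
    for h in find_admin_creation_attempts(SAMPLE_LOG):
        tag = "LIKELY ADMIN CREATED" if h["likely_success"] else "attempt"
        print(f'{h["ts"]} {h["ip"]} {h["method"]} {h["status"]} {tag}')
```

Correlating a flagged hit with a new row in the user table (or the user listing the README mentions) confirms whether an account was actually created.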
---
## 🛠️ Requirements
- Burp Suite (recommended) or any HTTP proxy that accepts raw HTTP requests.
- `curl`, `nc`/`netcat`, or `socat` for manual testing if you prefer CLI.
- Access to `CVE-2025-10352-POC.txt` (raw HTTP request exported from Burp).
- Authorization to test the target system (see legal notice).
---
## 🧪 Usage
### Basic check (Burp Repeater)
1. Open Burp → Repeater.
2. Open `CVE-2025-10352-POC.txt`, copy the raw HTTP request.
3. Paste into a new Repeater tab, set the proper host and press **Send**.
4. Check response for success (200/201/302 or JSON/text confirming creation).
5. Attempt login with the created credentials or confirm via the user listing endpoint.
---
## ⚠️ Disclaimer
This document is for authorized security testing and remediation only. Do **not** use the PoC or reproduction steps against systems you do not own or do not have explicit permission to test. The author is not responsible for misuse.
---
Made with ❤️ by Manuel Iván San Martín Castillo
File snapshot
[4.0K] /data/pocs/1fb5cbe6944fb5295c29257a7be5e68c02b947d2
├── [3.3K] CVE-2025-10352-POC.txt
├── [1.0K] LICENSE
└── [2.4K] README.md
1 directory, 3 files
Notes
1. It is recommended to access the PoC through the original source first.
2. If the source is gone or unreachable, send an email to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. Shenlong has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for or donating to the local POC. Thank you for your support.