PoC details: 362cbea665e0d736b2eacc4f82f9014b7f02ce0c

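Source
Related vulnerability
Title: Microsoft Windows Server code issue vulnerability (CVE-2025-59287)
Description: Microsoft Windows Server is a server operating system from Microsoft (USA). Microsoft Windows Server contains a code issue vulnerability that an attacker can exploit to execute code remotely.
Description
WSUS vulnerability PoC
Introduction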
# CVE-2025-59287
> **⚠ This tool is created solely for educational use only. Unauthorized use outside of controlled environments is strictly prohibited.**

CVE-2025-59287 is a critical remote code execution vulnerability in Microsoft Windows Server Update Services (WSUS). It stems from unsafe deserialization of data inside WSUS components, allowing a remote, unauthenticated attacker to cause the service to deserialize a crafted .NET object and execute arbitrary code under the SYSTEM account. The vulnerability is commonly exploited by sending specially crafted SOAP requests to WSUS web endpoints. This repository was created to demonstrate a proof-of-concept for this vulnerability.

# Requirements
- Windows OS/Linux
- Python 3.4+

# How To Use
This PoC expects a payload serialized with .NET BinaryFormatter and encoded in Base64. If no payload is supplied, a benign calculator payload will be used instead. There are several ways to use a custom payload.
## 1. Edit the payload.txt file
Simply insert your payload into payload.txt.
```text
YOUR_PAYLOAD
```
The code will use the payload from this file.

**Second option**:
You can add your payload manually. Open exp.py and locate the following block. Replace 'your_payload' with your Base64-encoded .NET BinaryFormatter payload.
```python
...
    if not args.no_wait:
        time.sleep(0.02)
    injected = payload_text or 'your_payload'
    success, event_id, target_sid = send_malicious_event(target, cookie, injected)
...
```

## 2. Run the code:
```bash
python exp.py http://example.local:8530
```
*(replace http://example.local:8530 with the target WSUS server URL)*

# How it works
`encrypt.py` prepares a blob that looks like the encrypted/packed data WSUS expects; `exp.py` builds and sends SOAP requests that place that blob into WSUS fields which the vulnerable service will decrypt and deserialize. If the server is vulnerable, the deserialized object can trigger code execution.
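
For defenders, the payload format named above (Base64 of a .NET BinaryFormatter stream) begins with the fixed header record defined in MS-NRBF, so decrypted fields, files or logs can be screened for it. This is an added example, not code from this repository; the function names and the sample input are constructed here, and because the blob is encrypted in transit the check applies to data at rest or after decryption.

```python
import base64
import binascii
import re
import struct

# MS-NRBF SerializationHeaderRecord: RecordType (1 byte, value 0), then
# RootId, HeaderId, MajorVersion (1), MinorVersion (0) as little-endian int32.
HEADER = struct.Struct("<Biiii")
# A 17-byte header alone encodes to 23 Base64 characters, hence the minimum.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{23,}={0,2}")


def is_nrbf_stream(data: bytes) -> bool:
    """True if data starts with a valid BinaryFormatter stream header."""
    if len(data) < HEADER.size:
        return False
    record_type, _root_id, _header_id, major, minor = HEADER.unpack_from(data)
    return record_type == 0 and major == 1 and minor == 0


def find_binaryformatter_blobs(text: str) -> list:
    """Return (offset, decoded_length) for each Base64 run holding an NRBF stream."""
    hits = []
    for match in B64_RUN.finditer(text):
        run = match.group(0).rstrip("=")
        run += "=" * (-len(run) % 4)  # normalise padding before strict decoding
        try:
            decoded = base64.b64decode(run, validate=True)
        except (binascii.Error, ValueError):
            continue  # not decodable Base64, ignore
        if is_nrbf_stream(decoded):
            hits.append((match.start(), len(decoded)))
    return hits


def constructed_sample() -> str:
    """Constructed input: one plain-text blob and one header-only NRBF stream."""
    # Header (RootId=1, HeaderId=-1) plus a MessageEnd byte; carries no object data.
    stream = HEADER.pack(0, 1, -1, 1, 0) + b"\x0b"
    benign = base64.b64encode(b"plain text, not a serialized object").decode()
    return 'a="%s"\nb="%s"\n' % (benign, base64.b64encode(stream).decode())


if __name__ == "__main__":
    for offset, size in find_binaryformatter_blobs(constructed_sample()):
        print("BinaryFormatter stream at offset %d (%d bytes decoded)" % (offset, size))
```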

# Disclaimer
This tool is created solely for educational use only. Unauthorized use outside of controlled environments is strictly prohibited.
File snapshot

[4.0K] /data/pocs/362cbea665e0d736b2eacc4f82f9014b7f02ce0c
├── [4.9K] encypt.py
├── [9.7K] exp.py
├── [ 12] payload.txt
└── [2.1K] README.md

0 directories, 4 files