PoC details: 427b918e7cb85076f8c4327b70aa88c3eeda2678

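Source
Related vulnerability
Title: KUNBUS Revolution Pi code issue vulnerability (CVE-2025-41646)
Description: KUNBUS Revolution Pi is an open, modular and cost-effective industrial PC from KUNBUS, based on the Raspberry Pi. KUNBUS Revolution Pi has a code issue vulnerability that stems from a type conversion error and may lead to authentication bypass.
Introduction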
# CVE-2025-41646 - RevPi Webstatus <= 2.4.5 Authentication Bypass Exploit

## Overview

This is a Python3 exploit script for **CVE-2025-41646**, an **Authentication Bypass vulnerability** affecting **RevPi Webstatus <= 2.4.5**.

### Vulnerability Details:

- **CVE ID**: CVE-2025-41646  
- **Affected Product**: RevPi Webstatus <= 2.4.5  
- **Impact**: Remote attackers can bypass authentication and obtain a valid admin session ID.  
- **Vulnerability Type**: Authentication Bypass  
- **Attack Vector**: Remote HTTP POST request to `/php/dal.php`

---

## Features

- Supports **single target** or **mass exploitation** via target list  
- Proxy support (e.g., Burp Suite)  
- Silent mode (prints session ID only)  
- JSON output option  
- Stores valid session IDs in an output file

---

## Usage

### Install requirements:

```bash
pip install -r requirements.txt
```
---

### Requirements:

- requests
- urllib3 (usually comes with requests)

---

### Command Examples:

#### Single Target Exploitation:
```bash
python3 cve_2025_41646_auth_bypass.py -u "http://192.168.1.100"
```
#### Multiple Targets (File List):
```bash
python3 cve_2025_41646_auth_bypass.py -l targets.txt
```
#### Use Proxy:
```bash
python3 cve_2025_41646_auth_bypass.py -u "http://192.168.1.100" --proxy "http://127.0.0.1:8080"
```
#### Silent Mode (Prints only Session ID):
```bash
python3 cve_2025_41646_auth_bypass.py -u "http://192.168.1.100" --silent
```
#### JSON Output:
```bash
python3 cve_2025_41646_auth_bypass.py -u "http://192.168.1.100" --json
```
## Script Options

| Option           | Description                           |
| ---------------- | ------------------------------------- |
| `-u`, `--url`    | Target URL (e.g., `http://IP`)        |
| `-l`, `--list`   | File containing list of targets       |
| `-o`, `--output` | Output file to save valid session IDs |
| `--proxy`        | Use a proxy (`http://127.0.0.1:8080`) |
| `--json`         | Print raw JSON output                 |
| `--silent`       | Silent mode (prints session ID only)  |

## Output Example

<img width="1894" height="307" alt="exploit" src="https://github.com/user-attachments/assets/009adba6-d408-452e-aa70-f8c2538ec4f9" />

request/response

<img width="1920" height="672" alt="burpsuite" src="https://github.com/user-attachments/assets/9f55af98-c094-4005-b839-0deb4583980b" />


## ⚠️ Disclaimer

This tool is for educational and authorized penetration testing purposes only.
Unauthorized usage against systems without explicit permission is illegal.


## Official Channels

- [YouTube @rootctf](https://www.youtube.com/@rootctf)
- [X @r0otk3r](https://x.com/r0otk3r)

File snapshot

```
[4.0K] /data/pocs/427b918e7cb85076f8c4327b70aa88c3eeda2678
├── [3.2K] cve_2025_41646_auth_bypass.py
└── [2.8K] README.md

0 directories, 2 files
```