CVE-2025-29705 PoC — code-gen 安全漏洞

Source

https://github.com/yxzrw/CVE-2025-29705

Associated Vulnerability

Title:code-gen 安全漏洞 (CVE-2025-29705)
Description:code-gen是tanghc个人开发者的一款代码生成工具。 code-gen 2.0.6及之前版本存在安全漏洞，该漏洞源于缺乏权限控制，可能导致任意访问。

Description

CVE-2025-29705

Readme

# CVE-2025-29705
CVE-2025-29705
# 简介

code-gen: 一款代码生成工具，可自定义模板生成不同的代码，支持MySQL、Oracle、SQL Server、PostgreSQL

https://gitee.com/durcframework/code-gen

这个项目没有做权限控制，任何人都可以随意访问已经部署在公网的该类项目，导致数据库账号密码泄露

fofa资产搜集语法

fofa="chunk-libs.b1df3b78.js"

# 案例一

http://xxxx:8884/

![image](https://github.com/user-attachments/assets/beb053bf-c384-4db7-87e1-01e5ffabe17c)


选择数据库->编辑

![image](https://github.com/user-attachments/assets/4d02ae08-2870-4984-a121-b89f2996f1c3)


使用navicat尝试连接

![image](https://github.com/user-attachments/assets/3dc20785-6d71-440d-aaae-a414913df313)


![image](https://github.com/user-attachments/assets/e304530a-bdcf-4f34-8d9d-27b027799582)

File Snapshot


 [4.0K]  /data/pocs/45d20d4d148f543a8d6c843c8c135e92dcee1c21
└── [ 857]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!