来源

关联漏洞

描述

A totally unauthenticated file-upload endpoint in Visual Composer lets anyone drop arbitrary files (e.g., a JSP web-shell) onto the server.

介绍

# CVE-2025-31324-File-Upload
A totally unauthenticated file-upload endpoint in Visual Composer lets anyone drop arbitrary files (e.g., a JSP web-shell) onto the server.


Proof-of-concept tool to check for and exploit the unauthenticated file upload vulnerability (CVE-2025-31324) in SAP NetWeaver Visual Composer's "Metadata Uploader" component.

**Disclaimer:** This tool is intended for authorized security testing only. Unauthorized scanning or exploitation of systems is illegal and unethical.

## Features

*   **Default Mode: OAST Check:** Checks for vulnerability using Java Deserialization payload and OAST callback.
    *   Requires user-provided OAST hostname (`--oast-host`) for verification.
*   **Exploit Mode:** Explicitly trigger exploitation by uploading a specified file using `--exploit-file <PATH>`.
*   Accepts targets as `host[:port]` (defaults to HTTP) or full URLs (`http[s]://host[:port][/path]`).
*   Configurable concurrency for scanning multiple targets (`--threads`).
*   Legacy TLS support (`--legacy-ssl`) for older servers.
*   Automatic retry for common SSL certificate verification errors.
*   Optional `--insecure` flag to bypass all SSL errors.
*   Verbose logging (`-v`, `-vv`) and optional CSV/JSON output (`-o`).
*   Colorized console output.

## Installation

```bash
# Clone the repository (or download the script)
# git clone <repo_url>
# cd <repo_directory>

# Install dependencies
pip install -r requirements.txt

文件快照

 [4.0K]  /data/pocs/4dcb94c3cd28461a00b419bf087760a7569b1a69
├── [ 465]  helper.jsp
├── [1.0K]  LICENSE
├── [1.4K]  README.md
├── [  40]  requirements.txt
└── [ 49K]  sap_vc_poc.py

0 directories, 5 files

备注