Related vulnerability
Introduction
**Disclaimer**: This repository and its contents are provided for educational and research purposes only. Exploitation of vulnerabilities without explicit permission is illegal and unethical.
# CVE-2025-26399-Deserialization of Untrusted Data (CWE-502) - Exploit
## Overview
An unauthenticated remote code execution vulnerability in SolarWinds Web Help Desk involving AjaxProxy deserialization. This is a patch bypass of previous vulnerabilities (CVE-2024-28988 and CVE-2024-28986), allowing attackers to execute commands on the host machine without authentication.
## Details
- **CVE ID**: CVE-2025-26399
- **Published**: 09/23/2025
- **Affected Versions**: SolarWinds WHD 12.8.7 and earlier.
- **CVSS Score**: 9.8 (Critical).
- **Impact**: Full system compromise, including data exfiltration, persistence, or lateral movement.
## Exploit
[href](https://tinyurl.com/mu5wpjs3)
## What's Included:
**A ZIP file with:**
- `exploit.py`: Fully functional Python script for payload generation and delivery.
- Video demo and advanced customization guides.
- Decryption key for the script (encrypted to prevent leaks).
- **Support**: 30 days of email support for setup issues.
**Disclaimer**: This tool is for ethical penetration testing, red teaming, or educational use only. The vendor is not responsible for misuse. Ensure you have permission to test targets.
## How the Exploit Works
The vulnerability stems from improper handling of serialized data in the AjaxProxy servlet, which deserializes user-supplied objects without validation. This allows injection of malicious gadget chains from the application's Java classpath.
1. **Payload Crafting**: Use a modified gadget chain (e.g., based on Commons Collections) to evade patch checks and invoke system commands.
2. **Delivery**: Send the serialized payload via HTTP POST to the vulnerable endpoint.
3. **Execution**: Server deserializes the object, triggering Runtime.exec() or equivalent for command injection.
4. **Post-Exploitation**: Options for reverse shells, file uploads, or data dumps.
## Requirements
- **System**: Linux/Mac/Windows with Python 3.8+.
- **Dependencies**: Install via pip: requests, base64 (full list in requirements.txt after purchase).
- **Target Setup**: Access to a vulnerable WHD instance (e.g., via network scanning).
- **Optional**: Proxy tools like Burp Suite for debugging; a listener for reverse shells (e.g., netcat).
## Usage Instructions
`exploit.py`:
1. Install dependencies: `pip install -r requirements.txt`
2. Run the script: `python exploit.py --target http://victim/helpdesk/WebObjects/Helpdesk.woa/wa/AjaxProxy --command "whoami"`
3. Customize: Add flags for reverse shell (`--revshell ip:port`), file upload, or stealth mode.
4. Verify: Use the included tester to confirm vulnerability before exploitation.
## Mitigation Recommendations
- Patch immediately to WHD 12.8.7 HF1.
- Enable WAF rules for deserialization patterns.
- Monitor logs for AjaxProxy access.
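As an added defensive example (not part of this README or the tool it advertises), the check below applies the last two recommendations to request records for the AjaxProxy endpoint: it flags POST requests whose body begins with the Java serialization stream header (raw bytes `AC ED 00 05`, or its base64 form starting `rO0AB`) or that declare a Java serialized-object content type. The space-separated log layout and the sample lines are constructed for this example, not a real WHD log format.

```python
import base64
from typing import List, Optional, Tuple

# Java serialization stream header (magic 0xACED, version 5); base64 of it begins "rO0AB".
JAVA_SERIAL_MAGIC = b"\xac\xed\x00\x05"
JAVA_SERIAL_B64_PREFIX = b"rO0AB"
AJAXPROXY_PATH = "/helpdesk/WebObjects/Helpdesk.woa/wa/AjaxProxy"  # endpoint named in the README

def classify_request(method: str, path: str, content_type: str, body: bytes) -> Optional[str]:
    """Return a reason when a POST to AjaxProxy carries a Java serialization stream, else None."""
    if method.upper() != "POST" or not path.startswith(AJAXPROXY_PATH):
        return None
    if body.startswith(JAVA_SERIAL_MAGIC):
        return "raw Java serialization stream posted to AjaxProxy"
    if body.lstrip().startswith(JAVA_SERIAL_B64_PREFIX):
        return "base64-encoded Java serialization stream posted to AjaxProxy"
    if "java-serialized-object" in content_type.lower():
        return "Java serialized-object content type posted to AjaxProxy"
    return None

def scan_log(lines: List[str]) -> List[Tuple[int, str]]:
    """Constructed log layout (assumption): METHOD PATH CONTENT-TYPE [BODY-PREVIEW-BASE64]."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed record: skip rather than crash the scan
        method, path, content_type = parts[:3]
        try:
            body = base64.b64decode(parts[3], validate=True) if len(parts) > 3 else b""
        except ValueError:  # binascii.Error derives from ValueError; treat as empty body
            body = b""
        reason = classify_request(method, path, content_type, body)
        if reason:
            findings.append((line_no, reason))
    return findings

def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode()

# Constructed sample log (not real traffic): benign GET, benign form POST, raw stream,
# base64-wrapped stream, and a stream sent to a different endpoint (out of scope here).
SAMPLE_LOG = [
    f"GET {AJAXPROXY_PATH} text/html",
    f"POST {AJAXPROXY_PATH} application/x-www-form-urlencoded {_b64(b'action=load&id=42')}",
    f"POST {AJAXPROXY_PATH} application/octet-stream {_b64(JAVA_SERIAL_MAGIC + b'sr')}",
    f"POST {AJAXPROXY_PATH} text/plain {_b64(b'rO0ABXNyAAA=')}",
    f"POST /helpdesk/WebObjects/Helpdesk.woa/wa/Login text/plain {_b64(JAVA_SERIAL_MAGIC)}",
]
```

Running `scan_log(SAMPLE_LOG)` reports lines 3 and 4; a body that is absent from the log, as with most access-log formats, leaves only the content-type and path checks, so pair this with WAF or proxy-level inspection where bodies are visible.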
## Contact
- **For inquiries, please contact:** f0kinn@outlook.com
File snapshot
[4.0K] /data/pocs/5a74d5adc318548ce29aebcaba9804eb261dc241
└── [3.0K] README.md
0 directories, 1 file
Notes
1. It is recommended to access the original source first.
2. If the source has gone offline or cannot be reached, send an email to f.jinxu#gmail.com to request a local snapshot (replace # with @).
3. Shenlong has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.