POC details: 63822043a25378196b7aa98c94a14f6a7866a8ed

Source
Related vulnerability
Title: Vite improper access control vulnerability (CVE-2025-30208)
Description: Vite is a next-generation front-end build tool, open-sourced by Vite. Vite has an access control vulnerability: appending `?raw??` or `?import&raw??` to a request URL bypasses the dev server's file access restrictions and returns the contents of arbitrary files.
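The description above names the two URL suffixes that carry the bypass. From the defender's side, the cheapest signal is those markers appearing in requests to a Vite dev server that is reachable beyond localhost. The following is an added example, not code from the POC repository or from the Vite project: it parses combined-format access log lines (the log format, the sample lines and the once-only percent-decoding are assumptions of this example), flags requests whose target contains either marker, and separates attempts the server answered with a 2xx (which need follow-up) from those it refused.

```python
import re
from urllib.parse import unquote

# URL suffixes named in the vulnerability description above.
BYPASS_MARKERS = ("?raw??", "?import&raw??")

# Combined (Apache/nginx-style) access log line. The format is an assumption
# made for this example; adapt LOG_RE to whatever proxy fronts the dev server.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample lines: two ordinary Vite dev-server requests and three
# that carry the bypass markers, one of them percent-encoded.
SAMPLE_LOG_LINES = [
    '203.0.113.9 - - [01/Apr/2025:10:00:01 +0000] "GET /src/main.ts HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Apr/2025:10:00:02 +0000] "GET /etc/passwd?raw?? HTTP/1.1" 200 1403',
    '203.0.113.9 - - [01/Apr/2025:10:00:03 +0000] "GET /src/App.vue?import HTTP/1.1" 200 2048',
    '198.51.100.7 - - [01/Apr/2025:10:00:04 +0000] "GET /.env?import&raw?? HTTP/1.1" 200 87',
    '198.51.100.7 - - [01/Apr/2025:10:00:05 +0000] "GET /etc/passwd%3Fraw%3F%3F HTTP/1.1" 403 0',
]


def is_bypass_attempt(target: str) -> bool:
    """True if the request target contains one of the bypass markers.

    The target is percent-decoded once before matching so that an encoded '?'
    (%3F) does not slip past a plain substring check. Decoding exactly once is
    an assumption of this example; a proxy in front may decode differently.
    """
    decoded = unquote(target)
    return any(marker in decoded for marker in BYPASS_MARKERS)


def scan_log(lines):
    """Return one record per suspicious request, in log order.

    Lines that do not match LOG_RE are skipped rather than raising, so one
    malformed entry does not abort the scan.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue
        if is_bypass_attempt(m["target"]):
            status = int(m["status"])
            hits.append({
                "ip": m["ip"],
                "ts": m["ts"],
                "target": m["target"],
                "status": status,
                # A 2xx means the server answered: the file may have been
                # disclosed and the host should be treated as affected.
                "served": 200 <= status < 300,
            })
    return hits


def summarize(hits):
    """Count suspicious requests per source IP and how many were served."""
    summary = {}
    for h in hits:
        entry = summary.setdefault(h["ip"], {"attempts": 0, "served": 0})
        entry["attempts"] += 1
        entry["served"] += int(h["served"])
    return summary


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG_LINES)
    for h in found:
        print(f'{h["ts"]} {h["ip"]} {h["status"]} {h["target"]}')
    print(summarize(found))
```

Run it against the sample and it reports three attempts from one address, two of which were served. Any served hit on a dev server is the trigger to take the server off the network and upgrade Vite to a fixed release listed in the advisory linked in this README; the `?import` on `/src/App.vue` is normal Vite module traffic and is not flagged.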
Description
mass scan for CVE-2025-30208
Introduction
# CVE-2025-30208

This repository contains a Bash script that automates the process of detecting and scanning CVE-2025-30208 from a list of URLs. The script integrates Discord notifications for tracking execution status.

## Features
- Runs `detect_vite.py` to identify Vite servers from a list of URLs.
- Generates `hosts.txt` containing identified Vite servers.
- Runs `scan_vite.py` to scan the detected hosts for CVE-2025-30208.
- Sends a Discord notification when the script starts and completes execution.
- Handles missing files with proper error handling.

## Flow
Run `script.sh`:

`detect_vite.py` starts on `urls.txt` --> generates `hosts.txt` (identified Vite servers) --> `scan_vite.py` starts on `hosts.txt`

## For single URL scan
Insert the URL in the `hosts.txt` file and then run:
```sh
python3 scan_vite.py
```

## Prerequisites
- Python 3 installed
- `detect_vite.py` and `scan_vite.py` scripts in the same directory
- `urls.txt` containing URLs to scan for CVE-2025-30208
- A Discord webhook for notifications

## Installation
1. Clone the repository:
   ```sh
   git clone https://github.com/your-username/your-repo.git
   cd your-repo
   ```
2. Make the script executable:
   ```sh
   chmod +x script.sh
   ```
3. Replace `YOUR_DISCORD_WEBHOOK_URL` in `scan_vite.py` with your actual Discord webhook URL.

## Usage
Run the script using:
```sh
./script.sh
```

## Expected Behavior
- If all required files are available, the script will execute and send notifications to Discord.
- If any required file is missing (`detect_vite.py`, `scan_vite.py`, `urls.txt`), the script reports the error via Discord and exits.
- If `hosts.txt` is not generated after `detect_vite.py` runs, the script reports the error via Discord and stops execution.

## Script Workflow
1. Sends a Discord message indicating script execution has started.
2. Checks for the existence of required files.
3. Runs `detect_vite.py` on `urls.txt`.
4. Verifies that `hosts.txt` was created.
5. Runs `scan_vite.py` on `hosts.txt`.
6. Sends a Discord message upon successful completion.

## Example Discord Messages
- 🟢 **Script started:** Running detect_vite and scan_vite.
- ❌ **Error:** Missing file (detect_vite.py, scan_vite.py, or urls.txt)
- ❌ **Error:** `hosts.txt` was not generated.
- ✅ **Scan completed successfully!**

## Reference
[GitHub Security Advisory GHSA-x574-m823-4x7w](https://github.com/advisories/GHSA-x574-m823-4x7w)

## Author
[sumeet-darekar](https://github.com/sumeet-darekar)
File snapshot

```
[4.0K] /data/pocs/63822043a25378196b7aa98c94a14f6a7866a8ed
├── [4.0K] detect_vite.py
├── [2.3K] README.md
├── [2.8K] scan_vite.py
└── [ 764] script.sh

0 directories, 4 files
```
Cached for you by the Shenlong bot
Notes
    1. Access through the source is recommended.
    2. If the source is no longer available, email f.jinxu#gmail.com (replace # with @) to request the local snapshot.
    3. Shenlong has taken a snapshot of the POC code; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.