关联漏洞
描述
Demo web server
介绍
# CVE-2025-34100-demo
Demo web server
> [!NOTE]
> Please note that this is just the PHP files for the website, to understand the CVE better and create a more effective PoC, visit https://nvd.nist.gov/vuln/detail/CVE-2025-34100
>
> These files will not cause the CVE, but rather are the entry point to exploit the CVE. The CVE is found in the CMS.
Please put the files like this:
```bash
/var/www/html/biteinstall/
├── index.php
├── pages
│ ├── about.php
│ ├── home.php
│ ├── refund.php
│ ├── shop.php
│ └── thankyou.php
└── photo
├── cheeseburger.jpg
├── cookie.jpg
├── pizza.jpg
└── ramen.jpg
```
Ensure that in the refund.php file, the IP ADDRESS is correct!:
```php
<form method="post" action="http://[YOUR IP ADDRESS FOR YOUR MACHINE]:80/themes/dashboard/assets/plugins/jquery-file-upload/server/php/" enctype="multipart/form-data">
<label>Attach a photo of your receipt</label><br>
<input type="file" name="files[]" />
<input type="submit" value="send" />
</form>
```
Wow, getting ideas for EH? Too bad, CVE is too old for you.
How about trying a buffer overflow? I heard that's good.
文件快照
[4.0K] /data/pocs/866cad908f0e8b49f8b2d38bda40db67d709a91f
├── [ 818] about.php
├── [2.2M] cheeseburger.jpg
├── [1.5M] cookie.jpg
├── [ 741] home.php
├── [707K] pizza.jpg
├── [2.1M] ramen.jpg
├── [1.2K] README.md
├── [ 783] refund.php
├── [1.4K] shop.php
└── [ 413] thankyou.php
0 directories, 10 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。