Demo web server# CVE-2025-34100-demo
Demo web server
> [!NOTE]
> Please note that this is just the PHP files for the website, to understand the CVE better and create a more effective PoC, visit https://nvd.nist.gov/vuln/detail/CVE-2025-34100
>
> These files will not cause the CVE, but rather are the entry point to exploit the CVE. The CVE is found in the CMS.
Please put the files like this:
```bash
/var/www/html/biteinstall/
├── index.php
├── pages
│ ├── about.php
│ ├── home.php
│ ├── refund.php
│ ├── shop.php
│ └── thankyou.php
└── photo
├── cheeseburger.jpg
├── cookie.jpg
├── pizza.jpg
└── ramen.jpg
```
Ensure that in the refund.php file, the IP ADDRESS is correct!:
```php
<form method="post" action="http://[YOUR IP ADDRESS FOR YOUR MACHINE]:80/themes/dashboard/assets/plugins/jquery-file-upload/server/php/" enctype="multipart/form-data">
<label>Attach a photo of your receipt</label><br>
<input type="file" name="files[]" />
<input type="submit" value="send" />
</form>
```
Wow, getting ideas for EH? Too bad, CVE is too old for you.
How about trying a buffer overflow? I heard that's good.
[4.0K] /data/pocs/866cad908f0e8b49f8b2d38bda40db67d709a91f
├── [ 818] about.php
├── [2.2M] cheeseburger.jpg
├── [1.5M] cookie.jpg
├── [ 741] home.php
├── [707K] pizza.jpg
├── [2.1M] ramen.jpg
├── [1.2K] README.md
├── [ 783] refund.php
├── [1.4K] shop.php
└── [ 413] thankyou.php
0 directories, 10 files