关联漏洞
标题:
Silverpeas 安全漏洞
(CVE-2025-46047)
描述:Silverpeas是Silverpeas开源的一套开源的业务协作平台。该平台包括项目管理、博客、论坛和文档管理等应用程序。 Silverpeas 6.4.1版本和6.4.2版本存在安全漏洞,该漏洞源于用户枚举,可能导致通过Login参数获取有效用户名。
描述
PoC for Silverpeas <= 6.4.2 Username Enumeration
介绍
# CVE-2025-46047
## Silverpeas <= 6.4.2 Username Enumeration PoC
Proof-of-Concept script for demonstrating a username enumeration vulnerability in Silverpeas versions 6.4.1 and 6.4.2.
## Vulnerability Details
* **Affected Software:** Silverpeas
* **Affected Versions:** 6.4.1, 6.4.2 (and potentially earlier versions)
* **Fixed Version:** 6.4.3
* **Vulnerability Type:** Username Enumeration via Observable Response Discrepancy (CWE-204)
* **Vendor Tracking ID:** Silverpeas Bug #14829
**Summary:** The vulnerability exists in the forgot password functionality (`/silverpeas/CredentialsServlet/ForgotPassword` endpoint). By sending POST requests with potential usernames in the `Login` parameter, the server responds with different HTTP status codes (200 OK for valid users, 302 Found for invalid users). This discrepancy allows a remote, unauthenticated attacker to determine valid usernames on the system.
## Proof-of-Concept (PoC) Script
* **Script Name:** `silverpeas_enum_poc.py`
* **Description:** This Python script automates the process of sending requests to the vulnerable endpoint with usernames (provided individually or from a wordlist) and identifies potentially valid/invalid accounts based on the server's HTTP status code response.
## Usage
### Requirements
* Python 3.x
* `requests` library (`pip install requests`)
### Instructions
1. Clone the repository or download the script (`silverpeas_enum_poc.py`).
2. Install dependencies: `pip install requests`
3. Run the script from your terminal:
* **Test a single username:**
```bash
python silverpeas_enum_poc.py <TARGET_URL> -u <USERNAME>
```
*Example:* `python silverpeas_enum_poc.py http://vulnerable-silverpeas.local -u admin`
* **Test usernames from a file:**
```bash
python silverpeas_enum_poc.py <TARGET_URL> -w <WORDLIST_FILE>
```
*Example:* `python silverpeas_enum_poc.py https://vulnerable-silverpeas.com -w users.txt`
### Output
The script will output:
* `[+] Username '...' appears VALID (Status: 200)` for usernames likely corresponding to existing accounts.
* `[-] Username '...' appears INVALID (Status: 302)` for usernames likely not corresponding to existing accounts.
## Disclaimer
This script is provided for educational purposes and for demonstrating the vulnerability. Use this script responsibly and only against systems you have explicit, written authorization to test. Unauthorized scanning or testing is illegal and unethical. The author assumes no liability and is not responsible for any misuse or damage caused by this script.
## Author / Credit
* **Shantanu Saxena / j0ey17**
## Disclosure Timeline
* **Discovered:** 08/04/2025
* **Reported to Vendor (Silverpeas):** 08/04/2025
* **Vendor Acknowledged / Assigned ID (#14829):** 09/04/2025
* **Patch Released (Version 6.4.3):** 11/04/2025
* **PoC Published:** 14/04/2025
* **CVE ID: CVE-2025-46047**
## References
* **[(Vendor Fix PR)](https://github.com/Silverpeas/Silverpeas-Core/pull/1399)**
文件快照
[4.0K] /data/pocs/86c899dbcd7cd322c7c624d2128fecc30d6d98b9
├── [1.0K] LICENSE
├── [3.0K] README.md
└── [4.3K] silverpeas_enum_poc.py
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。