来源

关联漏洞

描述

FOGProject Authentication bypass CVE-2025-58443 Exploit

介绍

# CVE-2025-58443

exploit POC for https://github.com/FOGProject/fogproject which is authentication bypass leads to dump DB that include full DB dump, that include clear text password and users and admin password hash. 

vulnerable version : 1.5.10.1673


below a script that will exploit the vulnerability and can do the following :
Dump Full MysqlDB
exploit SSRF vulnerability
list files on the server


the DB dump contains the hashed passwords and clear text passwords for FTPs etc ...

<img width="887" height="162" alt="image" src="https://github.com/user-attachments/assets/e6ab3a88-4190-48af-84b6-48f77d2a324c" />

resuts : 

<img width="947" height="198" alt="image" src="https://github.com/user-attachments/assets/ffd77119-5bcd-4f7e-8bcd-d6ca4bcd65c4" />

SSRF exploit :

<img width="946" height="117" alt="image" src="https://github.com/user-attachments/assets/048f95bb-4f7f-428b-98a3-6ac40310a76e" />

list files exploit :

<img width="936" height="376" alt="image" src="https://github.com/user-attachments/assets/994d8ed9-0fd2-4d8a-9133-08ceda9b64ce" />



```
I, the creator, am not responsible for any actions, and or damages, caused by this software.

You bear the full responsibility of your actions and acknowledge that this software was created for educational purposes only.

This software's main purpose is NOT to be used maliciously, or on any system that you do not own, or have the right to use.

By using this software, you automatically agree to the above.
```

文件快照

 [4.0K]  /data/pocs/930f3583a87015714f9a6c97a1addaca9ca08f28
├── [4.4K]  exp.py
└── [1.5K]  README.md

0 directories, 2 files

备注