FOGProject Authentication bypass CVE-2025-58443 Exploit# CVE-2025-58443
exploit POC for https://github.com/FOGProject/fogproject which is authentication bypass leads to dump DB that include full DB dump, that include clear text password and users and admin password hash.
vulnerable version : 1.5.10.1673
below a script that will exploit the vulnerability and can do the following :
Dump Full MysqlDB
exploit SSRF vulnerability
list files on the server
the DB dump contains the hashed passwords and clear text passwords for FTPs etc ...
<img width="887" height="162" alt="image" src="https://github.com/user-attachments/assets/e6ab3a88-4190-48af-84b6-48f77d2a324c" />
resuts :
<img width="947" height="198" alt="image" src="https://github.com/user-attachments/assets/ffd77119-5bcd-4f7e-8bcd-d6ca4bcd65c4" />
SSRF exploit :
<img width="946" height="117" alt="image" src="https://github.com/user-attachments/assets/048f95bb-4f7f-428b-98a3-6ac40310a76e" />
list files exploit :
<img width="936" height="376" alt="image" src="https://github.com/user-attachments/assets/994d8ed9-0fd2-4d8a-9133-08ceda9b64ce" />
```
I, the creator, am not responsible for any actions, and or damages, caused by this software.
You bear the full responsibility of your actions and acknowledge that this software was created for educational purposes only.
This software's main purpose is NOT to be used maliciously, or on any system that you do not own, or have the right to use.
By using this software, you automatically agree to the above.
```
[4.0K] /data/pocs/930f3583a87015714f9a6c97a1addaca9ca08f28
├── [4.4K] exp.py
└── [1.5K] README.md
0 directories, 2 files