关联漏洞
描述
This vulnerability could allow a malicious user to execute remote code by sending appropriately crafted requests to the default search engine SolrSearch
介绍
## 📜 **Description**
A **critical RCE vulnerability** exists in **XWiki** that allows **unauthenticated attackers** to execute arbitrary system commands via vulnerable API endpoints.
Exploitation can result in:
- **Full server takeover**
- **Data theft or destruction**
- **Pivoting into internal networks**
---
## 💥 **Impact**
- **Complete compromise** of the affected XWiki instance and underlying OS.
- **Loss of confidentiality, integrity, and availability**.
---
## 🛠 **Fix / Mitigation**
- **Upgrade** to the latest patched version (****).
- **Restrict** or disable vulnerable API endpoints.
- Apply **WAF rules** to block malicious payloads.
## Exploitation:
## SHODAN DORK : ``` http.title:"XWiki" ```
<img width="1900" height="336" alt="Screenshot 2025-08-08 111156" src="https://github.com/user-attachments/assets/078abbf0-4012-4798-8c8f-5abcd9f7df3c" />
## Usage:
``` git clone https://github.com/Hex00-0x4/CVE-2025-24893-XWiki-RCE.git ```
```cd CVE-2025-24893-XWiki-RCE ```
```python3 CVE-2025-24893.py```
<img width="1477" height="742" alt="Screenshot 2025-08-08 111415" src="https://github.com/user-attachments/assets/b1e4d6d0-b1d7-4561-bbce-ce98c0e64ee0" />
文件快照
[4.0K] /data/pocs/a32b762d56d5ec03e1e2f7b066e12d8e7ff065d4
├── [3.3K] CVE-2025-24893.py
├── [1.0K] LICENSE
└── [1.2K] README.md
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。