Related vulnerability
Title: XWiki Platform SQL Injection Vulnerability (CVE-2025-32429)
Description: XWiki Platform is an open-source wiki platform from XWiki for building web collaboration applications. XWiki Platform versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2 contain a SQL injection vulnerability caused by improper handling of the `sort` parameter in getdeleteddocuments.vm.
Introduction
# CVE-2025-32429 Vulnerability Checker
A Python-based vulnerability scanner for detecting the CVE-2025-32429 SQL injection vulnerability in XWiki platforms.
## Features
- **Single Target Scanning**: Check individual targets with `-t` option
- **Bulk Scanning**: Scan multiple targets from a file with `-l` option
- **WAF Detection**: Automatically detects Web Application Firewalls
- **Time-based Detection**: Identifies time-based SQL injection vulnerabilities
- **Error-based Detection**: Detects SQL error messages in responses
- **Multi-threading**: Fast scanning with configurable thread count
- **Verbose Output**: Detailed scanning information with `-v` flag
<img width="460" height="860" alt="image" src="https://github.com/user-attachments/assets/03db8587-174f-4d48-a31b-741d476079ac" />
## Installation
### Requirements
```bash
pip3 install requests urllib3
```
### Run the script
```bash
python vuln_checker.py
```
## Usage
### Single Target
```bash
python3 vuln_checker.py -t <target_url>
```
### Multiple Targets
```bash
python3 vuln_checker.py -l <targets_file>
```
File snapshot
[4.0K] /data/pocs/a37fafac8c8378d8e557a0f4d42129891db13659
├── [1.1K] README.md
└── [ 12K] vuln_checker.py
0 directories, 2 files
Notes
1. It is recommended to access the code through the original source first.
2. If the source is no longer available or cannot be reached, send an email to f.jinxu#gmail.com to request a local snapshot (replace # with @).
3. Shenlong has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.