CVE-2025-32429 PoC — XWiki Platform SQL Injection Vulnerability

Associated Vulnerability
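Title: XWiki Platform SQL Injection Vulnerability (CVE-2025-32429)
Description: XWiki Platform is an open-source wiki platform from XWiki for building collaborative web applications. XWiki Platform versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2 contain a SQL injection vulnerability, caused by improper handling of the sort parameter in getdeleteddocuments.vm.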
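The affected ranges in the description can be checked against an asset inventory without sending any request to the wiki. The following is an added example, not part of the listed repository or of XWiki: the host names and inventory are constructed, and it assumes version strings of the form `X.Y[.Z][-rc-N]`, reporting anything else (milestone or snapshot builds, for instance) as unknown for manual review.

```python
import re

# Inclusive affected ranges, taken from the description on this page.
AFFECTED_RANGES = [("9.4-rc-1", "16.10.5"), ("17.0.0-rc-1", "17.2.2")]

# Assumed version grammar: X.Y or X.Y.Z, optionally followed by -rc-N.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+){1,2})(?:-rc-(\d+))?$", re.IGNORECASE)


def parse_version(text):
    """Return a sortable tuple for an XWiki version string, or raise ValueError."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised XWiki version: {text!r}")
    numbers = [int(part) for part in match.group(1).split(".")]
    numbers += [0] * (3 - len(numbers))  # treat 9.4 as 9.4.0
    # A release candidate sorts before the final release with the same number.
    stage = (0, int(match.group(2))) if match.group(2) else (1, 0)
    return (*numbers, *stage)


def is_affected(version):
    """True when the version falls inside one of the affected ranges."""
    key = parse_version(version)
    return any(parse_version(low) <= key <= parse_version(high)
               for low, high in AFFECTED_RANGES)


def triage(inventory):
    """Map each host to 'affected', 'not affected' or 'unknown'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "not affected"
        except ValueError:
            result[host] = "unknown"  # needs a manual look, do not assume safe
    return result


if __name__ == "__main__":
    # Constructed inventory for illustration only.
    sample = {
        "wiki-a.example.internal": "16.10.5",
        "wiki-b.example.internal": "16.10.6",
        "wiki-c.example.internal": "17.0.0-rc-1",
        "wiki-d.example.internal": "17.3.0-SNAPSHOT",
    }
    for host, status in triage(sample).items():
        print(f"{host}: {sample[host]} -> {status}")
```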
Readme
# CVE-2025-32429 Vulnerability Checker

A Python-based vulnerability scanner for detecting the CVE-2025-32429 SQL injection vulnerability in XWiki Platform instances.

## Features

- **Single Target Scanning**: Check individual targets with `-t` option
- **Bulk Scanning**: Scan multiple targets from a file with `-l` option
- **WAF Detection**: Automatically detects Web Application Firewalls
- **Time-based Detection**: Identifies time-based SQL injection vulnerabilities
- **Error-based Detection**: Detects SQL error messages in responses
- **Multi-threading**: Fast scanning with configurable thread count
- **Verbose Output**: Detailed scanning information with `-v` flag




## Installation

### Requirements
```bash
pip3 install requests urllib3
```

### Make executable
```bash
python vuln_checker.py
```

## Usage

### Single Target
```bash
python3 vuln_checker.py -t <target_url>
```

### Multiple Targets
```bash
python3 vuln_checker.py -l <targets_file>
```

File Snapshot

[4.0K] /data/pocs/a37fafac8c8378d8e557a0f4d42129891db13659
├── [1.1K] README.md
└── [ 12K] vuln_checker.py

0 directories, 2 files