关联漏洞
描述
POC
介绍
# PoC for CVE-2025-24893 — XWiki Remote Code Execution (Safe PoC)
**PoC for CVE-2025-24893:** XWiki' Remote Code Execution exploit for versions prior to **15.10.11**, **16.4.1** and **16.5.0RC1**.
> ⚠️ **IMPORTANT — AUTHORIZED TESTING ONLY**
> This repository contains a *proof-of-concept* (PoC) project intended for **educational** and **authorized vulnerability testing**. Do **not** use any exploit code or techniques against systems you do not own or do not have explicit written permission to test. Unauthorized use may be illegal.
---
## Overview
- **CVE:** CVE-2025-24893
- **Product:** XWiki Platform
- **Affected versions (reported):** versions prior to **15.10.11**, **16.4.1**, and **16.5.0RC1**.
- **Impact:** Remote Code Execution (RCE) via code (Groovy) injection when certain endpoints render untrusted content.
- **PoC intent:** Demonstrate that arbitrary code execution is possible in a controlled environment — *this README and associated scripts are sanitized for safe, responsible use*.
---
## What this repository provides (safe mode)
- A **non-destructive PoC script** that demonstrates how an RCE condition might be triggered, **without** containing working exploit payloads (no reverse shells, no malicious one-liners).
- A robust **test harness** for sending benign commands (e.g. `uname -a`, `echo "POC OK"`) to a target XWiki instance you control.
---
## Requirements
- Python 3.8+
- `requests` Python package:
```bash
pip install requests
文件快照
[4.0K] /data/pocs/ad313b58525fa5dda7a4efafbd4b9a1c9b078857
├── [2.9K] exploit.py
├── [1.0K] LICENSE
└── [1.5K] README.md
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。