POC details: bae57c94fefc358ff75e74fad35c834b0a50c060

Source
Related vulnerabilities

Suspected 0day

Description
CVE-2025-57617 exploitation
Introduction
# Dashy Auth bypass
Exploit Title: Dashy authentication bypass\
Date: 02.10.2025\
Vendor Homepage: [Dashy.to](https://dashy.to/)\
Version: 3.1.1\
Tested on: 3.1.1\
CVE: CVE-2025-57617

Dashy's default authentication can be bypassed. The config YAML file contains user information, including the login, password hash and hash algorithm for each user, including the dashboard admin. Intercepting the response that carries this file with Burp Suite makes it possible to tamper with the hash and replace it with an arbitrary value. This can be done with the "Match and replace" tool in Burp Suite. That way the hash can be replaced with the hash of a password of your own, and that password can then simply be used to log in. Logging in as administrator gives control over the dashboard and its content.
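The design flaw behind this bypass, and the server-side alternative, as an added model that is not part of the original README and is not Dashy's code: a login check that runs on a hash delivered in a response accepts whatever hash the client ends up holding, while a check against a server-held verifier does not. The user name, passwords, `user`/`hash` field names, unsalted SHA-256 on the flawed side and PBKDF2 on the hardened side are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed model, not Dashy's code: the user name, passwords and the
# "user"/"hash" field names are assumptions made for illustration.
PBKDF2_ROUNDS = 200_000

def sha256_hex(password):
    return hashlib.sha256(password.encode()).hexdigest()

# Flawed design: the hash is served to the browser and checked there.
def served_config():
    """Config as the server sends it, credential hash included."""
    return {"users": [{"user": "admin", "hash": sha256_hex("real-admin-secret")}]}

def client_side_login(config_as_received, user, password):
    """The decision rests on whatever config the client ended up holding."""
    for entry in config_as_received["users"]:
        if entry["user"] == user:
            return hmac.compare_digest(entry["hash"], sha256_hex(password))
    return False

def altered_in_transit(config, user, replacement_hash):
    """Models a response whose hash field changed before the client read it."""
    return {"users": [dict(e, hash=replacement_hash) if e["user"] == user else dict(e)
                      for e in config["users"]]}

# Hardened design: the verifier never leaves the server.
_SALT = os.urandom(16)
_STORE = {"admin": hashlib.pbkdf2_hmac("sha256", b"real-admin-secret", _SALT, PBKDF2_ROUNDS)}
_SESSIONS = set()

def public_config():
    """Config served to clients: user names only, no verifier material."""
    return {"users": [{"user": name} for name in _STORE]}

def server_side_login(user, password):
    """Server derives and compares; the client receives only an opaque token."""
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, PBKDF2_ROUNDS)
    stored = _STORE.get(user)
    if stored is None or not hmac.compare_digest(stored, derived):
        return None
    token = os.urandom(32).hex()
    _SESSIONS.add(token)
    return token

def is_authenticated(token):
    return token in _SESSIONS
```

In the hardened half, protected content would be gated on `is_authenticated` at the server, so nothing the client can rewrite in a response affects the outcome.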
File snapshot

[4.0K] /data/pocs/bae57c94fefc358ff75e74fad35c834b0a50c060
└── [ 753] README.md

0 directories, 1 file