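Related vulnerability
Title:
Umbraco security vulnerability
(CVE-2019-25137)
Description: Umbraco is an open-source content management system (CMS) written in C# by the Danish company Umbraco. Umbraco CMS version 7.12.4 contains a security vulnerability that allows an authenticated administrator to execute remote code against developer/Xslt/xsltVisualize.aspx via msxsl:script in xsltSelection.
Description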
CVE-2019-25137 is an Umbraco RCE vulnerability; the script within this repo is slightly altered.
Introduction
# CVE-2019-25137-RCE
CVE-2019-25137 is an Umbraco RCE vulnerability; the script within this repo is slightly altered.
This exploit script is based on the script by [Alexandre ZANNI](https://github.com/noraj), [EDB-ID 49488](https://www.exploit-db.com/exploits/49488).
It is slightly altered: the flow skips token extraction before login, performs the login first (without a token), then captures the real CSRF token from the login response cookies.
⚠️ **Disclaimer:** This exploit code is provided **for educational and research purposes only**. Unauthorized use against systems you do not own or have explicit permission to test is illegal and unethical. Use responsibly.
File snapshot
[4.0K] /data/pocs/d7f7f48182ac10dac8f4d20394b243dcb2ad800e
├── [4.0K] CVE-2019-25137.py
└── [ 684] README.md
0 directories, 2 files