CVE-2019-25137 PoC: Umbraco Security Vulnerability

Source
Associated Vulnerability
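Title: Umbraco Security Vulnerability (CVE-2019-25137)
Description: Umbraco is an open-source content management system (CMS) written in C# by the Danish company Umbraco. Umbraco CMS version 7.12.4 contains a security vulnerability that stems from allowing an authenticated administrator to execute remote code against developer/Xslt/xsltVisualize.aspx via msxsl:script in xsltSelection.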
Description
CVE-2019-25137 is an Umbraco RCE vulnerability; the script within this repo is slightly altered.
Readme
# CVE-2019-25137-RCE
CVE-2019-25137 is an Umbraco RCE vulnerability; the script within this repo is slightly altered.

This exploit script is based on the script by [Alexandre ZANNI](https://github.com/noraj), [EDB-ID 49488](https://www.exploit-db.com/exploits/49488).
It is slightly altered: the flow skips token extraction before login, performs the login first (without a token), and then captures the real CSRF token from the login response cookies.

⚠️ **Disclaimer:** This exploit code is provided **for educational and research purposes only**. Unauthorized use against systems you do not own or have explicit permission to test is illegal and unethical. Use responsibly.
File Snapshot

[4.0K] /data/pocs/d7f7f48182ac10dac8f4d20394b243dcb2ad800e
├── [4.0K] CVE-2019-25137.py
└── [ 684] README.md

0 directories, 2 files