关联漏洞
描述
XWiki Remote Code Execution (CVE-2025-24893) PoC
介绍
# CVE-2024-4577
XWiki is a generic wiki platform offering runtime services for applications built on top of it. Not authenticated guest user can perform arbitrary remote code execution through a request to the `SolrSearch` end point.
# Usage
```
usage: CVE-2025-24893.py [-h] [-v] URL COMMAND
XWiki SolrSearchMacros Remote Code Execution (CVE-2025-24893) PoC. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-24893
positional arguments:
URL target address
COMMAND command to execute e.g. Runtime.getRuntime().exec('calc')
optional arguments:
-h, --help show this help message and exit
-v, --version show program's version number and exit
```
文件快照
[4.0K] /data/pocs/d59c7edb22df26a2a9e7761b758cd09fb7e3c8f4
├── [ 763] CVE-2025-24893.py
├── [1.0K] LICENSE
└── [ 684] README.md
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。