CVE-2025-31324 PoC — SAP NetWeaver Visual Composer Metadata Uploader Code Issue Vulnerability

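Related vulnerability
Title: SAP NetWeaver Visual Composer Metadata Uploader code issue vulnerability (CVE-2025-31324)
Description: SAP NetWeaver Visual Composer Metadata Uploader is a tool from the German company SAP used to assist with modeling. SAP NetWeaver Visual Composer Metadata Uploader has a code issue vulnerability that stems from improper authorization and may allow malicious executable files to be uploaded.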
Description
A totally unauthenticated file-upload endpoint in Visual Composer lets anyone drop arbitrary files (e.g., a JSP web-shell) onto the server.
Introduction
# CVE-2025-31324-File-Upload

Proof-of-concept tool to check for and exploit the unauthenticated file upload vulnerability (CVE-2025-31324) in SAP NetWeaver Visual Composer's "Metadata Uploader" component.

**Disclaimer:** This tool is intended for authorized security testing only. Unauthorized scanning or exploitation of systems is illegal and unethical.

## Features

*   **Default Mode: OAST Check:** Checks for the vulnerability using a Java deserialization payload and an OAST callback.
    *   Requires a user-provided OAST hostname (`--oast-host`) for verification.
*   **Exploit Mode:** Explicitly trigger exploitation by uploading a specified file using `--exploit-file <PATH>`.
*   Accepts targets as `host[:port]` (defaults to HTTP) or full URLs (`http[s]://host[:port][/path]`).
*   Configurable concurrency for scanning multiple targets (`--threads`).
*   Legacy TLS support (`--legacy-ssl`) for older servers.
*   Automatic retry for common SSL certificate verification errors.
*   Optional `--insecure` flag to bypass all SSL errors.
*   Verbose logging (`-v`, `-vv`) and optional CSV/JSON output (`-o`).
*   Colorized console output.

## Installation

```bash
# Clone the repository (or download the script)
# git clone <repo_url>
# cd <repo_directory>

# Install dependencies
pip install -r requirements.txt
```