Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

CVE-2019-25024 PoC — Aaron Crawford OpenRepeater 操作系统命令注入漏洞

Source
https://github.com/codexlynx/CVE-2019-25024
Associated Vulnerability
Title:Aaron Crawford OpenRepeater 操作系统命令注入漏洞 (CVE-2019-25024)
Description:OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_system.php post_service parameter.
Description
Full exploit code for CVE-2019-25024 an unauthenticated command injection flaw in OpenRepeater.
Readme
## [CVE-2019-25024] OpenRepeater (ORP) / Unauthenticated Command Injection

### Advisories:
* MITRE CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25024
* US NIST: https://nvd.nist.gov/vuln/detail/CVE-2019-25024
* Tenable: https://www.tenable.com/cve/CVE-2019-25024
* VulDB: https://vuldb.com/?id.170172
* Ubuntu: https://ubuntu.com/security/CVE-2019-25024
* Debian: https://security-tracker.debian.org/tracker/CVE-2019-25024
* Launchpad: https://launchpad.net/bugs/cve/CVE-2019-25024

### Usage:

```sh
$ python exploit.py
Usage: exploit.py <scheme>://<address> <command>
```
File Snapshot

 [4.0K]  /data/pocs/6480414aa044b3aaf491796c38a1afe34805a629
├── [ 736]  exploit.py
└── [ 591]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →