CVE-2025-49113 PoC — Roundcube Webmail Security Vulnerability

Associated Vulnerability
Title: Roundcube Webmail Security Vulnerability (CVE-2025-49113)
Description: Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
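
The affected-version ranges in the description above can be turned into an inventory check for patch triage. The following Python is an added example, not part of the original page or the challenge repository; the hostnames and version strings are constructed, and flagging a suffixed build of a fixed release for review is an assumption.

```python
import re

# Fixed releases, taken from the CVE description above.
FIXED_15 = (1, 5, 10)  # every release before this one is affected
FIXED_16 = (1, 6, 11)  # 1.6.x releases before this one are affected
# Accepts "1.6.10", "v1.5.9", "1.6-beta", "1.6.11-rc"; a suffix must start with a letter.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?([-+~.]?[A-Za-z].*)?\s*$")

def parse_version(text):
    """Return ((major, minor, patch), suffix), or None if the string is not a version."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    major, minor, patch, suffix = m.groups()
    return (int(major), int(minor), int(patch or 0)), (suffix or "").strip()

def classify(text):
    """Classify a Roundcube version string against the ranges in the description."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"  # do not guess: unparseable strings need a manual look
    ver, suffix = parsed
    if ver < FIXED_15 or (1, 6, 0) <= ver < FIXED_16:
        return "affected"
    # Assumption: a pre-release or git build carrying a fixed version number
    # may predate the fix, so it is flagged instead of cleared.
    if suffix and ver in (FIXED_15, FIXED_16):
        return "review"
    return "not_affected"

def triage(inventory):
    """Group hosts (host -> version string) by classification."""
    groups = {}
    for host, version in sorted(inventory.items()):
        groups.setdefault(classify(version), []).append(host)
    return groups

# Constructed sample inventory: hostnames and versions are made up.
SAMPLE = {
    "mail-a.example": "1.6.10",
    "mail-b.example": "1.5.10",
    "mail-c.example": "1.4.15",
    "mail-d.example": "1.6.11-rc",
    "mail-e.example": "custom build",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```
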
Readme
# Cybersecurity Challenge Environment

> 🧠 **This challenge environment is provided for the [HackMeLocal.com](https://hackmelocal.com) community** — a platform for hands-on cybersecurity learning.

**⚠️ WARNING: This application is intentionally vulnerable and for educational purposes only.** Do not deploy it in a production or public-facing environment. It is designed for security simulation and training.

This repository provides a self-contained web challenge that can be run easily with Docker.

---

## 🚀 Getting Started

You can run this challenge environment in two easy ways:

*   ✅ **Option 1:** Run locally with Docker
*   ✅ **Option 2:** Run online with GitHub Codespaces

---

## 🖥️ Option 1: Run Locally (Using Docker)

### ✅ Requirements

*   [Docker Desktop](https://www.docker.com/products/docker-desktop)
*   [Git](https://git-scm.com/downloads)

### 🔧 Steps

1.  Clone this repository:
    ```bash
    # Replace the URL with the one for this specific repository
    git clone <repository_url>
    cd <repository_directory>
    ```

2.  Start the application environment:
    ```bash
    docker compose up
    ```

3.  Open your browser and visit the local address, which is typically:
    ```
    http://localhost:8000
    ```
    *(Note: The port may vary. Check the `docker-compose.yml` file if 8000 doesn't work.)*

---

## ☁️ Option 2: Run in GitHub Codespaces (No Installation Needed)

1.  Click the green **`Code`** button on this repository's GitHub page.
2.  Select the **`Codespaces`** tab.
3.  Click **`Create codespace on main`**.
4.  Once the environment loads, a terminal will be available. Run the following command:
    ```bash
    docker compose up
    ```
5.  GitHub will automatically detect the running service and show a pop-up to open the application in a new browser tab.

---

## 🎯 Purpose of This Environment

This project is a self-contained, **intentionally vulnerable application** designed for:

*   Practicing web application security skills.
*   Learning to identify and exploit common vulnerabilities in a safe, legal environment.
*   Serving as a ready-to-run CTF (Capture The Flag) challenge for simulation.

---

## ⚠️ Critical Security Disclaimer

This software is **designed to be vulnerable**. It is provided for educational and research purposes only.

**DO NOT** deploy this application on a public network or in a production environment. You are solely responsible for any and all actions you take with this code and for securing the environment in which it runs. The creators and contributors are not liable for any misuse or damage.

---

## 🤝 Community & Learning

This challenge is part of the learning ecosystem at **[HackMeLocal.com](https://hackmelocal.com)**. We encourage you to explore other challenges, learn new techniques, and join the community.
File Snapshot

```
[4.0K] /data/pocs/a9834fc0ae7e3b630bd2bb1f319a38f9c8be54df
├── [ 956] docker-compose.yml
├── [4.8K] installer.sh
└── [2.8K] README.md

0 directories, 3 files
```