Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-12916 PoC — Sangfor Operation and Maintenance Security Management System Frontend portal_login command injection

Source
https://github.com/Jinxia62/Sangfor-CVE-2025-12916
Associated Vulnerability
Title:Sangfor Operation and Maintenance Security Management System Frontend portal_login command injection (CVE-2025-12916)
Description:A vulnerability was determined in Sangfor Operation and Maintenance Security Management System 3.0. Impacted is an unknown function of the file /fort/portal_login of the component Frontend. This manipulation of the argument loginUrl causes command injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 3.0.11 and 3.0.12 is recommended to address this issue. It is advisable to upgrade the affected component.
Description
深信服CVE-2025-12916远程命令执行漏洞批量检测工具  || 作者:金夏安全
Readme
# Sangfor-CVE-2025-12916
深信服CVE-2025-12916远程命令执行漏洞批量检测工具  || 作者:金夏安全
# 深信服OSM漏洞批量检测工具

<img width="1218" height="821" alt="image" src="https://github.com/user-attachments/assets/8c14a783-71fe-4fd7-8f99-cebb5d17c4ff" />
<img width="1175" height="441" alt="image" src="https://github.com/user-attachments/assets/99ebee67-4654-4950-8938-f3270892ea9b" />


一款针对深信服运维安全管理系统(OSM) CVE-2025-12916 远程命令执行漏洞的批量检测工具。

## 🚨 漏洞信息

- **漏洞编号**: CVE-2025-12916
- **漏洞类型**: 远程命令执行
- **影响版本**: 深信服OSM < 3.0.12 20241106
- **漏洞文件**: `/fort/portal_login`
- **漏洞参数**: `loginUrl`

## ✨ 功能特点

- 🚀 多线程批量检测
- ⏹️ 支持Ctrl+C优雅停止
- 📊 实时进度显示
- 💾 自动保存结果
- 🔍 多种payload尝试
- 🛡️ 自动HTTP/HTTPS切换
- 📈 详细统计报告

## 🛠️ 安装使用

### 环境要求
- Python 3.6+
- 依赖库: `requests`
File Snapshot

 [4.0K]  /data/pocs/c3af9612c304d7fe08f524078211dddfbd5ce15a
├── [ 20K]  CVE-2025-12916.py
└── [1.0K]  README.md

1 directory, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →