Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-10230 PoC — Samba: command injection in wins server hook script

Source
https://github.com/dptsec/CVE-2025-10230
Associated Vulnerability
Title:Samba: command injection in wins server hook script (CVE-2025-10230)
Description:A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active Directory Domain Controller’s wins hook, allowing an unauthenticated network attacker to achieve remote command execution as the Samba process.
Description
PoC for CVE-2025-10230 - Samba WINS hook command injection
Readme
# CVE-2025-10230

PoC for CVE-2025-10230 - Samba WINS hook command injection

The configuration required for this vulnerability probably affects 0 people. The injection is limited to 15 characters and must be a valid WINS name so no <>;
File Snapshot

 [4.0K]  /data/pocs/ce09f9cd8863b6178dd4ea1f89069560ea963654
├── [5.7K]  CVE-2025-10230.py
├── [4.0K]  docker
│   ├── [ 722]  docker-compose.yml
│   ├── [3.0K]  Dockerfile
│   └── [ 841]  entrypoint.sh
└── [ 237]  README.md

2 directories, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →