CVE-2019-25137 PoC — Umbraco Security Vulnerability

Source
Associated Vulnerability
Title: Umbraco Security Vulnerability (CVE-2019-25137)
Description:Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx.
Description
CVE-2019-25137 is an Umbraco RCE vulnerability; the script within this repo is slightly altered.
Readme
# CVE-2019-25137-RCE
CVE-2019-25137 is an Umbraco RCE vulnerability; the script within this repo is slightly altered.

This exploit script is based on the script by [Alexandre ZANNI](https://github.com/noraj), [EDB-ID 49488](https://www.exploit-db.com/exploits/49488).
It is slightly altered: the flow skips token extraction before login, performs the login first (without a token), and then captures the real CSRF token from the login response cookies.

⚠️ **Disclaimer:** This exploit code is provided **for educational and research purposes only**. Unauthorized use against systems you do not own or have explicit permission to test is illegal and unethical. Use responsibly.
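
For defenders, the endpoint named in the vulnerability description can be hunted for in web server logs. The following is an added example, not part of this repository or the original exploit: it parses IIS W3C logs and lists clients that requested `xsltVisualize.aspx`. The `/umbraco` path prefix, the sample log lines, and treating a 2xx POST as the form submission are assumptions of the example.

```python
"""Flag requests to the Umbraco XSLT visualizer in IIS W3C logs (added example)."""
from collections import defaultdict

# Endpoint named in the CVE-2019-25137 description; IIS paths are case-insensitive.
TARGET = "/developer/xslt/xsltvisualize.aspx"

# Constructed sample log (not from a real system). The "/umbraco" prefix and
# the documentation-range IP addresses are assumptions made for this example.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2024-01-10 09:14:02 198.51.100.7 GET /umbraco/default.aspx 200
2024-01-10 09:14:09 198.51.100.7 GET /umbraco/developer/Xslt/xsltVisualize.aspx 200
2024-01-10 09:14:11 198.51.100.7 POST /umbraco/developer/Xslt/xsltVisualize.aspx 200
2024-01-10 09:20:45 203.0.113.20 GET /umbraco/Developer/XSLT/XsltVisualize.aspx 401
2024-01-10 09:21:00 203.0.113.20 POST /blog/comment 200
"""

def find_visualizer_hits(log_text):
    """Return {client_ip: [(timestamp, method, status), ...]} for TARGET."""
    fields, hits = [], defaultdict(list)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue                        # truncated or malformed row
        row = dict(zip(fields, values))
        if row.get("cs-uri-stem", "").lower().endswith(TARGET):
            stamp = f"{row.get('date', '-')} {row.get('time', '-')}"
            hits[row.get("c-ip", "-")].append(
                (stamp, row.get("cs-method", "-"), row.get("sc-status", "-")))
    return dict(hits)

def successful_posts(hits):
    """IPs with a POST to the visualizer that the server answered with 2xx."""
    return sorted(ip for ip, rows in hits.items()
                  if any(m == "POST" and s.startswith("2") for _, m, s in rows))

if __name__ == "__main__":
    found = find_visualizer_hits(SAMPLE_LOG)
    for ip, rows in found.items():
        for stamp, method, status in rows:
            print(ip, stamp, method, status)
    print("review first:", successful_posts(found))
```

Because the vulnerability requires an authenticated administrator, any hit from an address that is not a known admin workstation is worth correlating with back-office login events.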
File Snapshot

[4.0K] /data/pocs/d7f7f48182ac10dac8f4d20394b243dcb2ad800e
├── [4.0K] CVE-2019-25137.py
└── [ 684] README.md

0 directories, 2 files