Share
## https://sploitus.com/exploit?id=0C309248-9E9B-5250-AB89-80009B3C5E49
# CraftCMS CVE-2025-32432 Vulnerability Exploitation Tool Set

A vulnerability exploitation tool set for CraftCMS, based on research by SensePost. ## ๐Ÿ“ File Description

### ๐ŸŽฏ Main Tools

1. **`final_poc.py`** โ€“ Finalized POC
   - Supports information leakage and remote code execution
   - Automatically discovers asset IDs
   - Various session injection methods
   - Detailed debugging mode

2. **`test.py`** โ€“ Simplified version of the original SensePost article
   - Includes automatic asset ID retrieval functionality
   - Uses `yii\rbac\PhpManager` methods

3. **`automated_testing.py`** โ€“ Automated testing framework
   - Concurrent testing of multiple targets
   - Detailed test reports
   - JSON result output

### ๐Ÿ“‹ Auxiliary Files

4. **`exploit_summary.md`** โ€“ Vulnerability analysis summary
5. **`test_results.json`** โ€“ Automated test results
6. **`vulnerable.txt`** โ€“ List of confirmed vulnerabilities

## ๐Ÿš€ Usage Instructions

### Basic Usage
```bash
# Basic POC test
python3 final_poc.py https://target.com/ id

# Debug mode
python3 final_poc.py https://target.com/ "whoami" --debug

# Simplified version
python3 test.py https://target.com/ "ls -la"
```

### Automated Testing
```bash
# Create target files
python3 automated_testing.py --create-targets

# Run batch tests
python3 automated_testing.py
```

## โš ๏ธ Important Notes

### Vulnerability Mechanism
1. **Information Leakage**: Uses `GuzzleHttp\Psr7\FnStream` to call `phpinfo()`
2. **Code Execution**: Uses `yii\rbac\PhpManager` to load PHP code from session files

### Limitations
- **Site Lock Protection**: Many CraftCMS sites have access protection enabled
- **Session Path**: Session file paths may differ across environments
- **WAF Interception**: May be blocked by Web application firewalls

### Test Environment
- Command output may not be visible on protected sites
- It is recommended to validate in an unblocked test environment

## ๐Ÿ›ก๏ธ Protection Recommendations

1. **Upgrade CraftCMS** to fixed versions:
   - 3.9.15+
   - 4.14.15+
   - 5.6.17+

2. **Enable Site Lock** to protect the admin panel

3. **Restrict access to session files**

4. **Deploy WAF rules** to detect malicious payloads

## ๐Ÿ“– Technical References

- [SensePost CVE-2025-32432 Analysis](https://sensepost.com/blog/2025/investigating-an-in-the-wild-campaign-using-rce-in-craftcms/)
- CraftCMS official security announcements

## โš–๏ธ Disclaimer

This tool is used solely for security research and authorized penetration testing. Users must comply with local laws and regulations and must not use it for illegal purposes.