## https://sploitus.com/exploit?id=AE1ECFB8-7C48-5167-8BF0-4E4A6A79079F
# FreePBX CVE-2025 Vulnerability Scanner
## โ ๏ธ DISCLAIMER
**THIS TOOL IS PROVIDED FOR EDUCATIONAL AND RESEARCH PURPOSES ONLY.**
The author(s) and contributor(s) of this tool:
- **DO NOT** encourage, condone, or support any illegal activities
- Are **NOT RESPONSIBLE** for any misuse, damage, or illegal actions performed with this tool
- **DISCLAIM ALL LIABILITY** for any actions taken by users of this software
- Provide this tool **"AS IS"** without warranties of any kind, either express or implied
### Legal Notice
- Unauthorized access to computer systems is **ILLEGAL** and punishable under applicable laws including but not limited to the Computer Fraud and Abuse Act (CFAA) and equivalent international laws
- This tool must **ONLY** be used on systems you own or have **explicit written permission** to test
- Users are **SOLELY RESPONSIBLE** for ensuring compliance with all applicable local, state, national, and international laws
- Any use of this tool for illegal purposes is **STRICTLY PROHIBITED**
### User Responsibility
**BY DOWNLOADING, INSTALLING, OR USING THIS TOOL, YOU ACKNOWLEDGE AND AGREE THAT:**
- You will use this tool only for lawful purposes
- You have obtained proper authorization before testing any systems
- You accept full responsibility for your actions
- The authors are not liable for any consequences resulting from your use of this tool
**IF YOU DO NOT AGREE WITH THESE TERMS, DO NOT USE THIS TOOL.**
---
## ๐ Description
A comprehensive security assessment tool for detecting and exploiting critical vulnerabilities in FreePBX systems.
## ๐ Vulnerabilities Covered
This scanner tests for the following CVEs:
- **CVE-2025-66039**: Authentication Bypass affecting webserver authentication type
- **CVE-2025-61675**: Multiple Authenticated SQL Injection vulnerabilities
- **CVE-2025-61678**: Authenticated File Upload leading to Remote Code Execution (RCE)
## โก Features
- **Authentication Bypass**: Extracts PHPSESSID session cookies to bypass authentication
- **File Upload RCE**: Tests malicious file upload capabilities with path traversal
- **SQL Injection Detection**: Scans multiple endpoints for SQL injection vulnerabilities
- **SQL Injection Exploitation**: Automatically exploits detected SQL injections
- **Multi-threaded Scanning**: Support for concurrent target scanning
- **Detailed Reporting**: Comprehensive results with vulnerability details
- **Debug Mode**: Verbose output showing all HTTP requests and responses
## ๐ Requirements
- Python 3.6+
- Required packages listed in `requirements.txt`
## ๐ Installation
```bash
# Clone the repository
git clone
cd freepbx-scanner
# Install dependencies
pip3 install -r requirements.txt
```
## ๐ป Usage
### Basic Usage
```bash
# Scan a single target
python3 freepbx_scanner.py -u http://target-ip
# Scan multiple targets from file
python3 freepbx_scanner.py -l targets.txt
# Use multiple threads
python3 freepbx_scanner.py -l targets.txt -t 10
# Enable debug mode
python3 freepbx_scanner.py -u http://target-ip -d
```
### Scan Modes
```bash
# Run all checks (default)
python3 freepbx_scanner.py -u http://target-ip --mode all
# File upload vulnerability only
python3 freepbx_scanner.py -u http://target-ip --mode upload
# SQL injection detection and exploitation only
python3 freepbx_scanner.py -u http://target-ip --mode sql
# Authentication bypass (SQL injection) only
python3 freepbx_scanner.py -u http://target-ip --mode auth
```
### Save Results
```bash
# Save scan results to file
python3 freepbx_scanner.py -l targets.txt -o results.txt
```
## ๐ Command Line Arguments
| Argument | Description |
|----------|-------------|
| `-u, --url` | Single target URL |
| `-l, --list` | File containing list of target URLs (one per line) |
| `-t, --threads` | Number of threads (default: 1) |
| `-o, --output` | Save results to output file |
| `-d, --debug` | Enable debug mode (show headers, request/response bodies) |
| `--mode` | Scan mode: all, upload, sql, auth (default: all) |
## ๐ Scan Workflow
### Complete Workflow (--mode all)
1. **Authentication Bypass** (CVE-2025-66039)
- Extracts PHPSESSID from session cookie
- Uses Basic Authentication bypass
2. **File Upload RCE** (CVE-2025-61678)
- Uploads malicious PHP file via path traversal
- Verifies file execution and accessibility
3. **SQL Injection** (CVE-2025-61675)
- Tests multiple endpoints:
- Basestation endpoint
- Firmware endpoint
- Basefile endpoint
- CustomExt endpoint
- Exploits SQL injection to inject admin user
## ๐ฏ Target File Format
Create a text file with one URL per line:
```
http://192.168.1.100
http://192.168.1.101
https://freepbx.example.com
```
Lines starting with `#` are treated as comments and ignored.
## ๐ Output Report
The tool generates detailed reports including:
- Scan summary (total, vulnerable, not vulnerable)
- Individual vulnerability status per target
- PHPSESSID extraction results
- File upload success/failure
- SQL injection detection and exploitation results
- Injected credentials (if applicable)
## ๐ก๏ธ Ethical Use Guidelines
**โ ๏ธ WARNING: This tool is for authorized security testing only!**
### Before Using This Tool:
1. โ **Obtain Written Permission**: Always get explicit written authorization from the system owner
2. โ **Document Authorization**: Keep records of all permissions and authorizations
3. โ **Follow Scope**: Only test systems within the agreed scope
4. โ **Responsible Disclosure**: Report vulnerabilities through proper channels
5. โ **Respect Privacy**: Do not access, modify, or exfiltrate sensitive data
6. โ **Know the Law**: Understand and comply with all applicable laws
### Prohibited Uses:
- โ Testing systems without explicit permission
- โ Accessing unauthorized data or systems
- โ Causing damage or disruption to services
- โ Using for malicious purposes
- โ Violating privacy or confidentiality
- โ Any illegal activities
## ๐ Legal Disclaimer
This tool is provided for educational and authorized security testing purposes only. The authors and contributors:
- Make no warranties about the tool's accuracy, reliability, or suitability for any purpose
- Are not responsible for any direct, indirect, incidental, or consequential damages
- Do not endorse or encourage any illegal use of this tool
- Provide no support for illegal activities
**Users assume all risks and responsibilities associated with using this tool.**
## ๐ Troubleshooting
### SSL Certificate Errors
SSL warnings are disabled by default. If you encounter issues, ensure you're using the correct protocol (http/https).
### Connection Timeouts
- Increase timeout values in the code if needed
- Check network connectivity to targets
- Verify target is running FreePBX
### No Vulnerabilities Detected
- Ensure target is running a vulnerable FreePBX version
- Try debug mode (`-d`) to see detailed request/response data
- Verify credentials if authentication is required
## ๐ References
- CVE-2025-66039: Authentication Bypass
- CVE-2025-61675: SQL Injection Vulnerabilities
- CVE-2025-61678: File Upload RCE
## ๐ฅ Contributing
Contributions are welcome! Please ensure all contributions:
- Follow responsible disclosure practices
- Are for legitimate security research purposes
- Include appropriate documentation
- Comply with ethical guidelines
## ๐ง Contact
For security issues or questions, please contact through appropriate security channels and follow responsible disclosure practices.
---
## ๐ Final Reminder
**AUTHORIZED USE ONLY**
This tool is a powerful security testing instrument. With great power comes great responsibility. Always:
- Act ethically and legally
- Obtain proper authorization
- Follow responsible disclosure
- Respect privacy and security
- Document your activities
- Be accountable for your actions
**Remember: Unauthorized access is a crime. Use responsibly and ethically!**
---
*This project is intended to help security professionals and researchers identify and remediate vulnerabilities. It should never be used for malicious purposes.*