Share
## https://sploitus.com/exploit?id=AE1ECFB8-7C48-5167-8BF0-4E4A6A79079F
# FreePBX CVE-2025 Vulnerability Scanner

## โš ๏ธ DISCLAIMER

**THIS TOOL IS PROVIDED FOR EDUCATIONAL AND RESEARCH PURPOSES ONLY.**

The author(s) and contributor(s) of this tool:
- **DO NOT** encourage, condone, or support any illegal activities
- Are **NOT RESPONSIBLE** for any misuse, damage, or illegal actions performed with this tool
- **DISCLAIM ALL LIABILITY** for any actions taken by users of this software
- Provide this tool **"AS IS"** without warranties of any kind, either express or implied

### Legal Notice

- Unauthorized access to computer systems is **ILLEGAL** and punishable under applicable laws including but not limited to the Computer Fraud and Abuse Act (CFAA) and equivalent international laws
- This tool must **ONLY** be used on systems you own or have **explicit written permission** to test
- Users are **SOLELY RESPONSIBLE** for ensuring compliance with all applicable local, state, national, and international laws
- Any use of this tool for illegal purposes is **STRICTLY PROHIBITED**

### User Responsibility

**BY DOWNLOADING, INSTALLING, OR USING THIS TOOL, YOU ACKNOWLEDGE AND AGREE THAT:**
- You will use this tool only for lawful purposes
- You have obtained proper authorization before testing any systems
- You accept full responsibility for your actions
- The authors are not liable for any consequences resulting from your use of this tool

**IF YOU DO NOT AGREE WITH THESE TERMS, DO NOT USE THIS TOOL.**

---

## ๐Ÿ“– Description

A comprehensive security assessment tool for detecting and exploiting critical vulnerabilities in FreePBX systems.

## ๐Ÿ” Vulnerabilities Covered

This scanner tests for the following CVEs:

- **CVE-2025-66039**: Authentication Bypass affecting webserver authentication type
- **CVE-2025-61675**: Multiple Authenticated SQL Injection vulnerabilities
- **CVE-2025-61678**: Authenticated File Upload leading to Remote Code Execution (RCE)

## โšก Features

- **Authentication Bypass**: Extracts PHPSESSID session cookies to bypass authentication
- **File Upload RCE**: Tests malicious file upload capabilities with path traversal
- **SQL Injection Detection**: Scans multiple endpoints for SQL injection vulnerabilities
- **SQL Injection Exploitation**: Automatically exploits detected SQL injections
- **Multi-threaded Scanning**: Support for concurrent target scanning
- **Detailed Reporting**: Comprehensive results with vulnerability details
- **Debug Mode**: Verbose output showing all HTTP requests and responses

## ๐Ÿ“‹ Requirements

- Python 3.6+
- Required packages listed in `requirements.txt`

## ๐Ÿš€ Installation

```bash
# Clone the repository
git clone 
cd freepbx-scanner

# Install dependencies
pip3 install -r requirements.txt
```

## ๐Ÿ’ป Usage

### Basic Usage

```bash
# Scan a single target
python3 freepbx_scanner.py -u http://target-ip

# Scan multiple targets from file
python3 freepbx_scanner.py -l targets.txt

# Use multiple threads
python3 freepbx_scanner.py -l targets.txt -t 10

# Enable debug mode
python3 freepbx_scanner.py -u http://target-ip -d
```

### Scan Modes

```bash
# Run all checks (default)
python3 freepbx_scanner.py -u http://target-ip --mode all

# File upload vulnerability only
python3 freepbx_scanner.py -u http://target-ip --mode upload

# SQL injection detection and exploitation only
python3 freepbx_scanner.py -u http://target-ip --mode sql

# Authentication bypass (SQL injection) only
python3 freepbx_scanner.py -u http://target-ip --mode auth
```

### Save Results

```bash
# Save scan results to file
python3 freepbx_scanner.py -l targets.txt -o results.txt
```

## ๐Ÿ“ Command Line Arguments

| Argument | Description |
|----------|-------------|
| `-u, --url` | Single target URL |
| `-l, --list` | File containing list of target URLs (one per line) |
| `-t, --threads` | Number of threads (default: 1) |
| `-o, --output` | Save results to output file |
| `-d, --debug` | Enable debug mode (show headers, request/response bodies) |
| `--mode` | Scan mode: all, upload, sql, auth (default: all) |

## ๐Ÿ“Š Scan Workflow

### Complete Workflow (--mode all)

1. **Authentication Bypass** (CVE-2025-66039)
   - Extracts PHPSESSID from session cookie
   - Uses Basic Authentication bypass

2. **File Upload RCE** (CVE-2025-61678)
   - Uploads malicious PHP file via path traversal
   - Verifies file execution and accessibility

3. **SQL Injection** (CVE-2025-61675)
   - Tests multiple endpoints:
     - Basestation endpoint
     - Firmware endpoint
     - Basefile endpoint
     - CustomExt endpoint
   - Exploits SQL injection to inject admin user

## ๐ŸŽฏ Target File Format

Create a text file with one URL per line:

```
http://192.168.1.100
http://192.168.1.101
https://freepbx.example.com
```

Lines starting with `#` are treated as comments and ignored.

## ๐Ÿ“„ Output Report

The tool generates detailed reports including:

- Scan summary (total, vulnerable, not vulnerable)
- Individual vulnerability status per target
- PHPSESSID extraction results
- File upload success/failure
- SQL injection detection and exploitation results
- Injected credentials (if applicable)

## ๐Ÿ›ก๏ธ Ethical Use Guidelines

**โš ๏ธ WARNING: This tool is for authorized security testing only!**

### Before Using This Tool:

1. โœ… **Obtain Written Permission**: Always get explicit written authorization from the system owner
2. โœ… **Document Authorization**: Keep records of all permissions and authorizations
3. โœ… **Follow Scope**: Only test systems within the agreed scope
4. โœ… **Responsible Disclosure**: Report vulnerabilities through proper channels
5. โœ… **Respect Privacy**: Do not access, modify, or exfiltrate sensitive data
6. โœ… **Know the Law**: Understand and comply with all applicable laws

### Prohibited Uses:

- โŒ Testing systems without explicit permission
- โŒ Accessing unauthorized data or systems
- โŒ Causing damage or disruption to services
- โŒ Using for malicious purposes
- โŒ Violating privacy or confidentiality
- โŒ Any illegal activities

## ๐Ÿ”’ Legal Disclaimer

This tool is provided for educational and authorized security testing purposes only. The authors and contributors:

- Make no warranties about the tool's accuracy, reliability, or suitability for any purpose
- Are not responsible for any direct, indirect, incidental, or consequential damages
- Do not endorse or encourage any illegal use of this tool
- Provide no support for illegal activities

**Users assume all risks and responsibilities associated with using this tool.**

## ๐Ÿ› Troubleshooting

### SSL Certificate Errors
SSL warnings are disabled by default. If you encounter issues, ensure you're using the correct protocol (http/https).

### Connection Timeouts
- Increase timeout values in the code if needed
- Check network connectivity to targets
- Verify target is running FreePBX

### No Vulnerabilities Detected
- Ensure target is running a vulnerable FreePBX version
- Try debug mode (`-d`) to see detailed request/response data
- Verify credentials if authentication is required

## ๐Ÿ“š References

- CVE-2025-66039: Authentication Bypass
- CVE-2025-61675: SQL Injection Vulnerabilities
- CVE-2025-61678: File Upload RCE

## ๐Ÿ‘ฅ Contributing

Contributions are welcome! Please ensure all contributions:
- Follow responsible disclosure practices
- Are for legitimate security research purposes
- Include appropriate documentation
- Comply with ethical guidelines

## ๐Ÿ“ง Contact

For security issues or questions, please contact through appropriate security channels and follow responsible disclosure practices.

---

## ๐Ÿ” Final Reminder

**AUTHORIZED USE ONLY**

This tool is a powerful security testing instrument. With great power comes great responsibility. Always:
- Act ethically and legally
- Obtain proper authorization
- Follow responsible disclosure
- Respect privacy and security
- Document your activities
- Be accountable for your actions

**Remember: Unauthorized access is a crime. Use responsibly and ethically!**

---

*This project is intended to help security professionals and researchers identify and remediate vulnerabilities. It should never be used for malicious purposes.*