## https://sploitus.com/exploit?id=B08018BE-3651-5E68-B160-8D49E5690ACA
# CVE-2025-25257 Exploit Tool
## Credits
Based on watchTowr Labs, 0xbigshaq, and pwner.gg analyses.
## Warnings
For educational purposes only. Use on authorized systems. Modifies database/filesystem.
Enhanced Python tool for detecting and exploiting CVE-2025-25257 (Pre-Auth SQLi to RCE in Fortinet FortiWeb).
## Features
- Vulnerability detection with version checking.
- Persistent webshell upload via SQL injection.
- Payload splitting and hex encoding for length limits.
- Chmod gadget with cleanup.
- CGI trigger for RCE.
## Usage
```bash
python exploit.py --host target.com --https --exploit
```
- `--host`: Target host.
- `--https`: Use HTTPS.
- `--exploit`: Perform exploit if vulnerable.
## Installation
```bash
pip install -r requirements.txt
```