Share
## https://sploitus.com/exploit?id=B34E9F69-1D9D-58B4-B314-6A315EA7C35E
# POC
> RBKD-SEC: Team-based PoC for vulnerability verification/exploitation.
> For Nuclei scanning templates, please refer to [`RBKD-SEC/templates`](https://github.com/RBKD-SEC/templates).
## Directory Structure
| Format | Directory | Applicable Scenarios | Call Method |
|------|------|----------|----------|
| **pocsuite3** | `pocsuite3/` | Integrated batch scanning, report generation | `pocsuite3 -r poc.py` |
| **Standalone Script** | `standalone/` | Single-point exploitation, interactive shell, special protocols | `python3 poc.py` |
## Quick Start
### pocsuite3 Format
```bash
pip install pocsuite3
# Verification Mode
pocsuite3 -r pocsuite3/n8n/cve_2026_21858_rce_poc.py -u http://
# Attack Mode
pocsuite3 -r pocsuite3/n8n/cve_2026_21858_rce_poc.py -u http:// --attack
```
### Standalone Script
Each standalone script directory contains a `README.md` file, detailing the vulnerability mechanism and usage instructions.
```bash
# Example: 1Panel RCE
cd standalone/1panel
python3 CVE-2025-54424.py -u :9999
# Batch Scanning
python3 CVE-2025-54424.py -f targets.txt -t 20
```
## PoC Index
### pocsuite3
- `n8n/` โ CVE-2026-21858 (LFI) + CVE-2025-68613 (RCE)
- `react/` โ CVE-2025-55182
### standalone
- `1panel/` โ CVE-2025-54424 (Client-side certificate bypass RCE)
- `copy-fail-CVE-2026-31431/` โ copy_fail kernel privilege escalation
- `dirtyfrag/` โ Spoofing exploit for dirty page fragmentation
- `ruoyi/` โ CVE-2023-49371
## New PoC
### Directory Specification
#### pocsuite3 Format
- Must inherit from `POCBase` and call `register_poc()`
- Should include complete `pocInfo` (name, vulID, author, vulType, references)
- Directories should be categorized by target product.
```
pocsuite3/
โโโ {product}/
โโโ {cve-id}_poc.py
```
#### Standalone Script
- Must include command-line parameter parsing (recommended using `argparse`)
- File headers should include CVE numbers, author, and dependency installation commands
- Directories should be categorized by target product, along with `README.md`.
```
standalone/
โโโ {product}/
โโโ {cve-id}.py
โโโ README.md
```
### Commit Message Format
Commit messages should follow this format:
```
[add] CVE-2025-XXXXX - Product Name, Vulnerability Type
[fix] CVE-2025-XXXXX - Fixed XX issue
```
## Statement
All content in this repository is for security research and education purposes only. **Use it for legitimate purposes only.** Any misuse of the information and code in this repository may result in severe consequences, and the user is responsible for any such actions.