## https://sploitus.com/exploit?id=D8D01463-721B-5557-9AAF-056B95FF3A02
# CVE-2025-29306 - FoxCMS Remote Code Execution Exploit

![Python Version](https://img.shields.io/badge/python-3.6+-blue.svg)
![License](https://img.shields.io/badge/license-MIT-green.svg)

A Python exploit for CVE-2025-29306, a remote code execution vulnerability in FoxCMS. This tool allows testing single targets or scanning multiple hosts in bulk.

## Features

- Single target or bulk scanning capability
- Multi-threaded for fast scanning
- Detailed output with command execution results
- Automatic results saving to file
- Real-time progress reporting
- Clean summary table of vulnerable hosts

## Installation

```bash
git clone https://github.com/mattb709/CVE-2025-29306-PoC-FoxCMS-RCE.git
cd CVE-2025-29306-PoC-FoxCMS-RCE
pip install -r requirements.txt
```

## Requirements

- Python 3.6+
- Required packages:
  - `requests`
  - `beautifulsoup4`
  - `argparse` (part of the Python standard library; no separate install needed)

Install requirements with:
```bash
pip install requests beautifulsoup4
```

## Usage

```
usage: foxcms_rce.py [-h] -c COMMAND (-t TARGET | -f TARGETS_FILE)

CVE-2025-29306 Exploit Checker

options:
  -h, --help            show this help message and exit
  -c COMMAND, --command COMMAND
                        Command to execute on vulnerable hosts
  -t TARGET, --target TARGET
                        Single target in the format ip:port
  -f TARGETS_FILE, --targets-file TARGETS_FILE
                        File containing multiple targets, one per line, in the format ip:port
```

### Examples

1. Test a single target:
```bash
python CVE-2025-29306-PoC -t 192.168.1.100:8080 -c "whoami"
```

2. Scan multiple targets from a file:
```bash
python CVE-2025-29306-PoC -f targets.txt -c "whoami"
```

3. Redirect console output to a file (full results are also saved automatically):
```bash
python CVE-2025-29306-PoC -f targets.txt -c "whoami" > results.txt
```

## Target File Format

The targets file should contain one target per line in the format:
```
ip:port
```
Example:
```
192.168.1.100:80
10.10.10.5:443
172.16.32.15:8080
```
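
A pre-flight check for the targets file described above, as an added example that is not part of the original tool: it validates each `ip:port` line and separates targets that fall inside the networks authorized for testing from those that do not. The `AUTHORIZED_SCOPE` list, the function names and the sample targets are constructed for illustration.

```python
import ipaddress

# Constructed sample: networks the test authorization covers (assumption).
AUTHORIZED_SCOPE = ["192.168.1.0/24", "10.10.10.0/28"]

# Constructed sample targets file content in the README's ip:port format,
# with two deliberately malformed lines.
SAMPLE_TARGETS = """\
192.168.1.100:80
10.10.10.5:443
172.16.32.15:8080
example.com:80
10.10.10.5:70000
"""

def parse_target(line):
    """Return (ip, port) for a valid 'ip:port' line, else raise ValueError."""
    host, sep, port = line.strip().rpartition(":")
    if not sep:
        raise ValueError("missing ':port'")
    ip = ipaddress.ip_address(host)  # ValueError for hostnames or bad IPs
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError("port must be 1-65535")
    return ip, int(port)

def check_scope(text, scope):
    """Split targets into in-scope, out-of-scope and malformed lists."""
    networks = [ipaddress.ip_network(n) for n in scope]
    result = {"in_scope": [], "out_of_scope": [], "malformed": []}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue  # ignore blank lines
        try:
            ip, port = parse_target(line)
        except ValueError as exc:
            result["malformed"].append((lineno, line.strip(), str(exc)))
            continue
        key = "in_scope" if any(ip in n for n in networks) else "out_of_scope"
        result[key].append(f"{ip}:{port}")
    return result

if __name__ == "__main__":
    for key, items in check_scope(SAMPLE_TARGETS, AUTHORIZED_SCOPE).items():
        print(key, items)
```

Only the `in_scope` list should be written back to the file passed with `-f`; out-of-scope and malformed entries need review before any run.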

## Output

The script provides:
- Real-time progress with status for each target
- Detailed output for vulnerable hosts
- Summary table of all vulnerable hosts
- Automatic saving of full results to `foxcms_rce_results.txt`

![sample-output](https://github.com/user-attachments/assets/e1a2ccd7-ec9d-4606-ae3d-75615b11df8a)


## Disclaimer

This tool is for educational and authorized testing purposes only. The author is not responsible for any misuse or damage caused by this program.

## License

MIT License - See LICENSE file for details