4837 Total CVEs
26 Years
GitHub
Home / 2025 / CVE-2025-4322
README.md
README.md not found for CVE-2025-4322. The file may not exist in the repository.
POC / CVE-2025-4322.py PY
⬇ Raw GitHub ✕ Close 
import requests
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

from bs4 import BeautifulSoup
from urllib.parse import urljoin, urlparse
from concurrent.futures import ThreadPoolExecutor
import threading

lock = threading.Lock()

with open("list.txt") as f:
    domains = [line.strip().replace("http://", "").replace("https://", "") for line in f if line.strip()]

login_paths = [
    "/login",
    "/loginregister",
    "/login-register",
    "/my-account",
    "/account",
    "/signin",
    "/sign-in",
    "/register",
    "/auth",
    "/user/login",
    "/user/signin",
    "/forgot-password",
    "/reset-password"
]

def check_login_form(full_url):
    try:
        res = requests.get(full_url, timeout=10, verify=False)
        if res.status_code == 200 and "stm-login-form" in res.text:
            return True
    except:
        pass
    return False

def process_domain(domain):
    checked = set()
    base_url = f"https://{domain}"
    try:
        r = requests.get(base_url, timeout=10, verify=False)
        if r.status_code != 200:
            return
        soup = BeautifulSoup(r.text, "html.parser")

        if "stm-login-form" in r.text:
            print(f"[✅] {domain} → found at homepage")
            with lock:
                with open("result.txt", "a") as f:
                    f.write(domain + "\n")
            return

        hrefs = set()
        for a in soup.find_all("a", href=True):
            href = a["href"]
            if any(kw in href.lower() for kw in ["login", "register", "account", "signin", "forgot", "reset"]):
                full_href = urljoin(base_url, href)
                hrefs.add(full_href)

        for path in login_paths:
            hrefs.add(urljoin(base_url, path))

        for link in hrefs:
            normalized = urlparse(link)._replace(query="", fragment="").geturl()
            if normalized in checked:
                continue
            checked.add(normalized)
            if check_login_form(normalized):
                print(f"[✅] {domain} → found at {normalized}")
                with lock:
                    with open("result.txt", "a") as f:
                        f.write(domain + "\n")
                break
    except Exception as e:
        print(f"[⚠️] {domain} → error: {e}")

print(f"[🚀] ready to check {len(domains)} domain...")

with ThreadPoolExecutor(max_workers=20) as executor:
    executor.map(process_domain, domains)

print(f"[✔️] Done. all valid result at result.txt")