Rosemary1337/CVE-2025-24799

CVE-2025-24799 Auto Exploit


⚡ Overview

This repository is a proof-of-concept (PoC) exploit for CVE-2025-24799 in GLPI.
It demonstrates unauthenticated, time-based blind SQL injection used to extract user credentials.

Disclaimer: This PoC is for educational purposes only. Do not use on systems without permission.


🛠 Features

  • Detects glpi_users table and required columns (name and password)
  • Extracts usernames and passwords sequentially
  • Time-based blind SQL injection for unauthenticated exploitation
  • Colorful console output with status, success, failure, and info messages
  • Works on Python 3.x with minimal dependencies
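
From the defender's side, the sequential time-based extraction listed above shows up in web access logs as one client sending many requests to the same path, with response times split between a fast group and a slow group near a fixed delay. The following is an added example, not code from this repository, that flags that pattern; the log format (combined log with a trailing request-time field), the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed format: combined access log with the request duration in seconds
# appended as the last field (for example nginx's $request_time).
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" \d{3} \S+ .* (\d+\.\d+)$')

def parse(lines):
    """Yield (client, path, seconds) for each line in the assumed format."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            client, target, secs = m.groups()
            yield client, target.split("?", 1)[0], float(secs)

def flag_timing_probes(lines, min_requests=20, slow=2.0, fast=0.5, min_share=0.15):
    """Return {(client, path): stats} for request streams with bimodal timing.

    Heuristic (thresholds are assumptions to tune per site): one client sends
    many requests to one path, at least 90% are either fast or slow, both
    groups are well represented, and the slow group is tightly clustered,
    which points to a fixed injected delay rather than ordinary latency.
    """
    groups = defaultdict(list)
    for client, path, secs in parse(lines):
        groups[(client, path)].append(secs)
    hits = {}
    for key, times in groups.items():
        n = len(times)
        slow_t = [t for t in times if t >= slow]
        fast_t = [t for t in times if t < fast]
        if n < min_requests or len(slow_t) + len(fast_t) < 0.9 * n:
            continue
        if not slow_t or min(len(slow_t), len(fast_t)) < min_share * n:
            continue
        if max(slow_t) - min(slow_t) <= 1.0:
            hits[key] = {"requests": n, "slow": len(slow_t), "delay": round(min(slow_t), 1)}
    return hits

def sample_log():
    """Constructed log lines: one probing client and one ordinary client."""
    fmt = '{ip} - - [10/Mar/2025:12:00:{s:02d} +0000] "{m} {p} HTTP/1.1" 200 512 "-" "-" {t:.3f}'
    probe = [fmt.format(ip="203.0.113.7", s=i, m="POST", p="/index.php/ajax",
                        t=(3.0 + (i % 5) * 0.01) if i % 3 == 0 else 0.04) for i in range(40)]
    normal = [fmt.format(ip="198.51.100.9", s=i, m="GET", p="/index.php",
                         t=0.05 + (i % 7) * 0.2) for i in range(40)]
    return probe + normal

if __name__ == "__main__":
    for (client, path), stats in flag_timing_probes(sample_log()).items():
        print(client, path, stats)
```

A hit is a lead for investigation, not proof: slow backends can produce similar timing, so correlate with request bodies and database slow-query logs before acting.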

⚙️ Installation

  1. Clone the repository:

         git clone https://github.com/Rosemary1337/CVE-2025-24799.git
         cd CVE-2025-24799

  2. Install dependencies:

         pip install -r requirements.txt

Requirements: requests, colorama, beautifulsoup4


🚀 Usage

python3 main.py -u <TARGET_URL>

Example:

python3 main.py -u http://target.com/index.php/ajax

Arguments

| Flag | Description | Required | Default |
|------|-------------|----------|---------|
| -u, --url | Target URL | Yes | - |

🎨 Output

The console shows:

  • Status messages [•]
  • Success [✔]
  • Fail [✖]
  • Info [i]

Example:

[•] Exploiting CVE-2025-24799...
[✔] Table 'glpi_users' found.
[✔] Required columns verified.
[i] Starting credential extraction...

[+] Credential 1: admin:5f4dcc3b5aa765d61d8327deb882cf99
[+] Credential 2: user:123456
[*] Extraction complete.

🔐 Security & Disclaimer

  • For educational & testing purposes only.
  • Do not attack websites without explicit permission.
  • Use in a controlled lab or authorized penetration test only.
