CVE-2025-32429

This is a C-based exploit for CVE-2025-32429, targeting a blind SQL injection vulnerability in XWiki Platform's `getdeleteddocuments.vm` template via the `sort` parameter. The PoC sends crafted payloads to the REST endpoint and measures response delays to confirm successful injection.

This repository contains a C-based Proof-of-Concept for CVE-2025-32429, a blind SQL injection vulnerability in XWiki's LiveData REST API. The exploit detects WAF interference and iterates through SQLi payloads to measure response times and search for indicative keywords.

The repository contains detailed technical writeups for multiple CVEs, including CVE-2025-32429, with in-depth analysis, proof-of-concept examples, and mitigation strategies. Each writeup includes vulnerability descriptions, affected endpoints, and exploitation techniques.

This repository contains a functional exploit for CVE-2025-32429, targeting SQL injection in PHP PDO prepared statements when emulation is enabled. The exploit uses various SQL injection payloads to test and exploit the vulnerability in the XWiki platform via the 'sort' parameter in getdeleteddocuments.vm.

This repository contains a Python-based vulnerability scanner for detecting CVE-2025-32429, an SQL injection vulnerability in XWiki platforms. The scanner includes features for single and bulk target scanning, WAF detection, and both time-based and error-based SQL injection detection.

This repository contains a proof-of-concept exploit for CVE-2025-32429, which targets a SQL injection vulnerability in PHP PDO prepared statements when emulation is enabled. The exploit uses various SQL injection payloads to test for vulnerability in the XWiki platform.

This repository contains a Python-based vulnerability scanner for detecting CVE-2025-32429, an SQL injection vulnerability in XWiki platforms. The tool includes features for single and bulk target scanning, WAF detection, and both time-based and error-based SQL injection detection.