CVE-2026-25253

This repository contains a proof-of-concept exploit for CVE-2026-25253, targeting a vulnerability in Moltbot. The exploit involves a Flask-based server to capture tokens and passwords, and a Playwright-based script to automate the exploitation process.

This repository contains detailed documentation and deployment guides for OpenClaw, an open-source AI assistant platform, but does not include actual exploit code or technical analysis of CVE-2026-25253.

This repository is a security monitoring tool for OpenClaw deployments, designed to detect threats such as CVE-2026-25253 (WebSocket hijacking RCE), AMOS stealer, and other malicious activities. It includes a 32-point scanner, remediation scripts, and a web dashboard for real-time monitoring.

This repository contains a functional proof-of-concept exploit for CVE-2026-25253, leveraging Cross-Site WebSocket Hijacking to achieve one-click RCE on OpenClaw. The exploit involves token theft, WebSocket hijacking, and command execution via a browser-based payload.

This repository contains a Chinese-language writeup for CVE-2026-25253, describing a Cross-Site WebSocket Hijacking vulnerability in OpenClaw that allows one-click remote code execution. It references external sources but does not include exploit code or technical details.

This is a functional exploit PoC for CVE-2026-25253, which appears to target a gateway token capture vulnerability. The exploit sets up a Flask server with WebSocket support to intercept and capture gateway tokens, likely for authentication bypass or session hijacking.

This repository is a security-hardened fork of OpenClaw, addressing multiple vulnerabilities including CVE-2026-25253. It provides a detailed technical analysis of the vulnerabilities, remediation strategies, and architectural improvements without including functional exploit code.

This repository contains sanitized documentation for deploying OpenClaw on a VPS, including architectural decisions, security requirements, and deployment plans. It does not include exploit code but provides detailed technical insights into the platform's setup and potential security considerations.