
Commit a3a1e14

Apply suggestions from code review
1 parent 5ab864b commit a3a1e14

2 files changed

+7
-7
lines changed

documentation/modules/exploit/windows/http/sitecore_xp_cve_2025_34510.md

Lines changed: 5 additions & 5 deletions
@@ -1,11 +1,11 @@
11
## Vulnerable Application
22

3-
The Sitecore Experience Platform (XP) is flagship CMS product.
3+
The Sitecore Experience Platform (XP) is a flagship CMS product.
44
Provides comprehensive digital marketing tools, view of customer data and many other features.
5-
Sitecore deploys multiple default service accounts when installing, among them ServicesAPI.
6-
The versions from 10 to 10.4 have hardcoded password for this account - the password is letter b (CVE-2025-34509).
7-
This account is used to gain access and exploit additional vulnerability - path traversal in zip extraction (CVE-2025-34510).
8-
This module exploits both vulnerabilities to gain remote code execution by uploading malicious ASPX into root directory of webserver.
5+
Sitecore deploys multiple default service accounts when installing, among them is an account called ServicesAPI.
6+
The versions from 10 to 10.4 have a hardcoded password for this account - the password is the letter b (CVE-2025-34509).
7+
This account is used to gain access and exploit an additional vulnerability - a path traversal in zip extraction (CVE-2025-34510).
8+
This module exploits both vulnerabilities to gain remote code execution by uploading malicious ASPX into the root directory of the webserver.
99

1010
### Installation
1111
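
Review bot: On new line 8, "uploading malicious ASPX into the root directory of the webserver" still has no noun after ASPX; the other file touched by this commit says "malicious ASPX file", so "uploading a malicious ASPX file into the root directory of the webserver" would keep the two documents consistent. Unchanged line 4 ("Provides comprehensive digital marketing tools, ...") is a fragment with no subject and could open with "It provides". New line 5 joins two clauses with a comma ("..., among them is an account called ServicesAPI"); either drop the "is" or split it into two sentences. On new line 6, "from 10 to 10.4" would be clearer if it stated whether 10.4 itself is affected, since readers use this section to decide whether an install is in scope.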

documentation/modules/exploit/windows/http/sitecore_xp_cve_2025_34511.md

Lines changed: 2 additions & 2 deletions
@@ -1,10 +1,10 @@
11
## Vulnerable Application
22

3-
The Sitecore Experience Platform (XP) is flagship CMS product.
3+
The Sitecore Experience Platform (XP) is a flagship CMS product.
44
Provides comprehensive digital marketing tools, view of customer data and many other features.
55
A user can install multiple extensions to Sitecore XP - among them is Sitecore PowerShell Extension (SPA).
66
It is obligatory requirement for popular SXA add-on.
7-
The SPA is vulnerable to unrestricted file upload up to version 7.0.
7+
The SPA is vulnerable to an unrestricted file upload up to version 7.0.
88
An attacker can upload malicious ASPX file and gain remote code execution.
99

1010
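
Review bot: On new line 7, "up to version 7.0" does not say whether 7.0 itself is affected; readers use this section to decide whether an install needs patching or is in scope for testing, so state the bound explicitly ("up to and including" or "before", whichever is correct). The abbreviation on line 5, "Sitecore PowerShell Extension (SPA)", does not match the initials of the name it expands and is reused on line 7, so the intended short form is worth confirming. Lines 6 and 8 still have the missing articles this commit fixes elsewhere: "It is obligatory requirement for popular SXA add-on" and "upload malicious ASPX file".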
