支持本站 — 捐款将帮助我们持续运营

目标:1000 元,已筹:640

64.0%
立即捐款
一、 漏洞 CVE-2019-9053 基础信息
漏洞信息
                                        # N/A

## 漏洞概述
CMS Made Simple 2.2.8版本中的News模块存在未认证的盲注时间型SQL注入漏洞,攻击者可以通过构造特定的URL,利用`m1_idlist`参数触发该漏洞。

## 影响版本
- CMS Made Simple 2.2.8

## 漏洞细节
攻击者可以通过构造包含恶意`m1_idlist`参数的URL,触发News模块中的盲注时间型SQL注入漏洞。这种攻击不需要认证,因此攻击者可以无需登录系统就能实施攻击。

## 漏洞影响
由于该漏洞是未认证的盲注时间型SQL注入,攻击者可能借此获取敏感信息,如数据库结构、内部数据等,甚至可能进一步控制服务器。
神龙判断

是否为 Web 类漏洞:

判断理由:

是。这个漏洞存在于CMS Made Simple 2.2.8版本的News模块中,攻击者可以通过构造特定的URL利用m1_idlist参数实现未认证的基于时间的盲注SQL注入,这属于Web服务端的安全漏洞。
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
N/A
来源:美国国家漏洞数据库 NVD
漏洞描述信息
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
来源:美国国家漏洞数据库 NVD
CVSS信息
N/A
来源:美国国家漏洞数据库 NVD
漏洞类别
N/A
来源:美国国家漏洞数据库 NVD
漏洞标题
CMS Made Simple SQL注入漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
CMS Made Simple(CMSMS)是CMSMS团队的一套开源的内容管理系统(CMS)。该系统支持基于角色的权限管理系统、基于向导的安装与更新机制、智能缓存机制等。 CMSMS 2.2.8版本中存在SQL注入漏洞,该漏洞源于基于数据库的应用缺少对外部输入SQL语句的验证。攻击者可利用该漏洞执行非法SQL命令。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
SQL注入
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2019-9053 的公开POC
#POC 描述源链接神龙链接
1This is modified code of 46635 exploit from python2 to python3.https://github.com/SUNNYSAINI01001/46635.py_CVE-2019-9053POC详情
2Nonehttps://github.com/crypticdante/CVE-2019-9053POC详情
3update to Daniele Scanu's SQL Injection Exploit - CVE-2019-9053https://github.com/maraspiras/46635.pyPOC详情
4CVE-2019-9053 Exploit for Python 3https://github.com/e-renna/CVE-2019-9053POC详情
5This is a exploit for CVE-2019-9053https://github.com/zmiddle/Simple_CMS_SQLiPOC详情
6Nonehttps://github.com/ELIZEUOPAIN/CVE-2019-9053-CMS-Made-Simple-2.2.10---SQL-Injection-ExploitPOC详情
7CVE-2019-9053 exploit ported to python3https://github.com/pedrojosenavasperez/CVE-2019-9053-Python3POC详情
8CMS Made Simple < 2.2.10 - SQL Injection https://github.com/STERN3L/CVE-2019-9053POC详情
9The exploit is edited to work with different text encodings and Python 3 and is compatible with CMSMS version 2.2.9 and below.https://github.com/Mahamedm/CVE-2019-9053-Exploit-Python-3POC详情
10This is the Updated Python3 exploit for CVE-2019-9053https://github.com/im-suman-roy/CVE-2019-9053POC详情
11Nonehttps://github.com/bthnrml/guncel-cve-2019-9053.pyPOC详情
12Original Exploit Source: https://www.exploit-db.com/exploits/46635https://github.com/kahluri/CVE-2019-9053POC详情
13Python3 version of the Python2 exploit for CVE-2019-9053https://github.com/Doc0x1/CVE-2019-9053-Python3POC详情
14This repository has the sole purpose of rewriting the CVE-2019-9053 script, which in the original publication is written in Python 2.7. I will be using Python 3.https://github.com/fernandobortotti/CVE-2019-9053POC详情
15Improved code of Daniele Scanu SQL Injection exploithttps://github.com/byrek/CVE-2019-9053POC详情
16working exploit for CVE-2019-9053 https://github.com/davcwikla/CVE-2019-9053-exploitPOC详情
17Nonehttps://github.com/BjarneVerschorre/CVE-2019-9053POC详情
18Nonehttps://github.com/H3xL00m/CVE-2019-9053POC详情
19Nonehttps://github.com/n3ov4n1sh/CVE-2019-9053POC详情
20Nonehttps://github.com/c0d3cr4f73r/CVE-2019-9053POC详情
21Nonehttps://github.com/Jason-Siu/CVE-2019-9053-Exploit-in-Python-3POC详情
22CVE-2019-9054 exploit added support for python3 + bug fixeshttps://github.com/FedericoTorres233/CVE-2019-9053-FixedPOC详情
23This script is a modified version of the original exploit by Daniele Scanu which exploits an unauthenticated SQL injection vulnerability in CMS Made Simple <= 2.2.10 (CVE-2019-9053).https://github.com/Dh4nuJ4/SimpleCTF-UpdatedExploitPOC详情
24The script has been remastered by Teymur Novruzov to ensure compatibility with Python 3. This tool is intended for educational purposes only. Unauthorized use of this tool on any system or network without permission is illegal. The author is not responsible for any misuse of this tool.https://github.com/TeymurNovruzov/CVE-2019-9053-python3-remasteredPOC详情
25Nonehttps://github.com/Sp3c73rSh4d0w/CVE-2019-9053POC详情
26Nonehttps://github.com/0xwh1pl4sh/CVE-2019-9053POC详情
27Nonehttps://github.com/N3rdyN3xus/CVE-2019-9053POC详情
28Nonehttps://github.com/jtoalu/CTF-CVE-2019-9053-GTFOBinsPOC详情
29Nonehttps://github.com/Azrenom/CMS-Made-Simple-2.2.9-CVE-2019-9053POC详情
30Nonehttps://github.com/NyxByt3/CVE-2019-9053POC详情
31Nonehttps://github.com/h3xcr4ck3r/CVE-2019-9053POC详情
32CVE-2019-9053 rewritten in python3 to fix broken syntax. Affects CMS made simple <2.2.10https://github.com/louisthedonothing/CVE-2019-9053POC详情
33Nonehttps://github.com/n3rdh4x0r/CVE-2019-9053POC详情
34CMS Made Simple < 2.2.10 - SQL Injection python3https://github.com/Yzhacker/CVE-2019-9053-CMS46635-python3POC详情
35This exploit targets an unauthenticated SQL injection vulnerability in CMS Made Simple <= 2.2.9 (CVE-2019-9053). It uses a time-based blind SQL injection to extract the username, email, and password hash from the database. Additionally, it supports password cracking using a wordlist.https://github.com/hf3cyber/CMS-Made-Simple-2.2.9-Unauthenticated-SQL-Injection-Exploit-CVE-2019-9053-POC详情
36Unauthenticated SQL injection exploit for CVE-2019-9053 in CMS Made Simple <= 2.2.9. Extracts admin creds with time-based SQLi.https://github.com/so1icitx/CVE-2019-9053POC详情
37Nonehttps://github.com/Threekiii/Awesome-POC/blob/master/CMS%E6%BC%8F%E6%B4%9E/CMS%20Made%20Simple%20%28CMSMS%29%20%E5%89%8D%E5%8F%B0SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%20CVE-2019-9053.mdPOC详情
38https://github.com/vulhub/vulhub/blob/master/cmsms/CVE-2019-9053/README.mdPOC详情
39CVE-2019-9053.https://github.com/del0x3/CVE-2019-9053-port-py3POC详情
40CMS Made Simple ≤ 2.2.9 SQL Injection Vulnerability CVE-2019-9053 is a vulnerability found in CMS Made Simple (CMSMS) versions up to 2.2.9, where the application is vulnerable to a blind time-based SQL injectionhttps://github.com/kaizoku73/CVE-2019-9053POC详情
41Exploits Python cve-2019-9053– by HackHearthttps://github.com/Hackheart-tech/-exploit-labPOC详情
42This is modified code of 46635 exploit from python2 to python3.https://github.com/d3athcod3/46635.py_CVE-2019-9053POC详情
43Nonehttps://github.com/h3x0v3rl0rd/CVE-2019-9053POC详情
44CVE-2019-9054 exploit added support for python3 + bug fixeshttps://github.com/0xftorres/CVE-2019-9053-FixedPOC详情
45Nonehttps://github.com/Kalidas-7/CVE-2019-9053POC详情
46Nonehttps://github.com/noob-hacker572/CMS-Made-Simple-2.2.9-CVE-2019-9053POC详情
47This repository contains the corrected code for CVE: 2019-9053https://github.com/Slayerma/-CVE-2019-9053POC详情
48Nonehttps://github.com/CaelumIsMe/CVE-2019-9053-POCPOC详情
49Nonehttps://github.com/6iroc/CVE-2019-9053POC详情
50Python3-converted exploit and research notes for CMS Made Simple (CVE-2019-9053) — Unauthenticated SQL Injection vulnerability. Includes original PoC, improved Python3 version, usage instructions, and lab testing reference.https://github.com/JagdeepSinghCeh/cms-made-simple-python3POC详情
51CMS Made Simple < 2.2.10 - SQL Injection . Actual working versionhttps://github.com/Perseus99999/CVE-2019-9053-working-POC详情
52This repository is a complete walkthrough of the Simple CTF challenge on TryHackMe, featuring Nmap scanning, directory enumeration with Gobuster, exploitation of CVE-2019-9053, SSH access, and privilege escalation via sudo permissions.https://github.com/Praditha29/Simple-CTF-THM-WriteupPOC详情
53Nonehttps://github.com/Boon-Rekcah/CMS-Made-Simple-2.2.9-CVE-2019-9053POC详情
三、漏洞 CVE-2019-9053 的情报信息
四、漏洞 CVE-2019-9053 的评论

暂无评论

发表评论