# N/A
## 漏洞概述
CMS Made Simple 2.2.8版本中的News模块存在未认证的盲注时间型SQL注入漏洞,攻击者可以通过构造特定的URL,利用`m1_idlist`参数触发该漏洞。
## 影响版本
- CMS Made Simple 2.2.8
## 漏洞细节
攻击者可以通过构造包含恶意`m1_idlist`参数的URL,触发News模块中的盲注时间型SQL注入漏洞。这种攻击不需要认证,因此攻击者可以无需登录系统就能实施攻击。
## 漏洞影响
由于该漏洞是未认证的盲注时间型SQL注入,攻击者可能借此获取敏感信息,如数据库结构、内部数据等,甚至可能进一步控制服务器。
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | This is modified code of 46635 exploit from python2 to python3. | https://github.com/SUNNYSAINI01001/46635.py_CVE-2019-9053 | POC详情 |
| 2 | None | https://github.com/crypticdante/CVE-2019-9053 | POC详情 |
| 3 | update to Daniele Scanu's SQL Injection Exploit - CVE-2019-9053 | https://github.com/maraspiras/46635.py | POC详情 |
| 4 | CVE-2019-9053 Exploit for Python 3 | https://github.com/e-renna/CVE-2019-9053 | POC详情 |
| 5 | This is a exploit for CVE-2019-9053 | https://github.com/zmiddle/Simple_CMS_SQLi | POC详情 |
| 6 | None | https://github.com/ELIZEUOPAIN/CVE-2019-9053-CMS-Made-Simple-2.2.10---SQL-Injection-Exploit | POC详情 |
| 7 | CVE-2019-9053 exploit ported to python3 | https://github.com/pedrojosenavasperez/CVE-2019-9053-Python3 | POC详情 |
| 8 | CMS Made Simple < 2.2.10 - SQL Injection | https://github.com/STERN3L/CVE-2019-9053 | POC详情 |
| 9 | The exploit is edited to work with different text encodings and Python 3 and is compatible with CMSMS version 2.2.9 and below. | https://github.com/Mahamedm/CVE-2019-9053-Exploit-Python-3 | POC详情 |
| 10 | This is the Updated Python3 exploit for CVE-2019-9053 | https://github.com/im-suman-roy/CVE-2019-9053 | POC详情 |
| 11 | None | https://github.com/bthnrml/guncel-cve-2019-9053.py | POC详情 |
| 12 | Original Exploit Source: https://www.exploit-db.com/exploits/46635 | https://github.com/kahluri/CVE-2019-9053 | POC详情 |
| 13 | Python3 version of the Python2 exploit for CVE-2019-9053 | https://github.com/Doc0x1/CVE-2019-9053-Python3 | POC详情 |
| 14 | This repository has the sole purpose of rewriting the CVE-2019-9053 script, which in the original publication is written in Python 2.7. I will be using Python 3. | https://github.com/fernandobortotti/CVE-2019-9053 | POC详情 |
| 15 | Improved code of Daniele Scanu SQL Injection exploit | https://github.com/byrek/CVE-2019-9053 | POC详情 |
| 16 | working exploit for CVE-2019-9053 | https://github.com/davcwikla/CVE-2019-9053-exploit | POC详情 |
| 17 | None | https://github.com/BjarneVerschorre/CVE-2019-9053 | POC详情 |
| 18 | None | https://github.com/H3xL00m/CVE-2019-9053 | POC详情 |
| 19 | None | https://github.com/n3ov4n1sh/CVE-2019-9053 | POC详情 |
| 20 | None | https://github.com/c0d3cr4f73r/CVE-2019-9053 | POC详情 |
| 21 | None | https://github.com/Jason-Siu/CVE-2019-9053-Exploit-in-Python-3 | POC详情 |
| 22 | CVE-2019-9054 exploit added support for python3 + bug fixes | https://github.com/FedericoTorres233/CVE-2019-9053-Fixed | POC详情 |
| 23 | This script is a modified version of the original exploit by Daniele Scanu which exploits an unauthenticated SQL injection vulnerability in CMS Made Simple <= 2.2.10 (CVE-2019-9053). | https://github.com/Dh4nuJ4/SimpleCTF-UpdatedExploit | POC详情 |
| 24 | The script has been remastered by Teymur Novruzov to ensure compatibility with Python 3. This tool is intended for educational purposes only. Unauthorized use of this tool on any system or network without permission is illegal. The author is not responsible for any misuse of this tool. | https://github.com/TeymurNovruzov/CVE-2019-9053-python3-remastered | POC详情 |
| 25 | None | https://github.com/Sp3c73rSh4d0w/CVE-2019-9053 | POC详情 |
| 26 | None | https://github.com/0xwh1pl4sh/CVE-2019-9053 | POC详情 |
| 27 | None | https://github.com/N3rdyN3xus/CVE-2019-9053 | POC详情 |
| 28 | None | https://github.com/jtoalu/CTF-CVE-2019-9053-GTFOBins | POC详情 |
| 29 | None | https://github.com/Azrenom/CMS-Made-Simple-2.2.9-CVE-2019-9053 | POC详情 |
| 30 | None | https://github.com/NyxByt3/CVE-2019-9053 | POC详情 |
| 31 | None | https://github.com/h3xcr4ck3r/CVE-2019-9053 | POC详情 |
| 32 | CVE-2019-9053 rewritten in python3 to fix broken syntax. Affects CMS made simple <2.2.10 | https://github.com/louisthedonothing/CVE-2019-9053 | POC详情 |
| 33 | None | https://github.com/n3rdh4x0r/CVE-2019-9053 | POC详情 |
| 34 | CMS Made Simple < 2.2.10 - SQL Injection python3 | https://github.com/Yzhacker/CVE-2019-9053-CMS46635-python3 | POC详情 |
| 35 | This exploit targets an unauthenticated SQL injection vulnerability in CMS Made Simple <= 2.2.9 (CVE-2019-9053). It uses a time-based blind SQL injection to extract the username, email, and password hash from the database. Additionally, it supports password cracking using a wordlist. | https://github.com/hf3cyber/CMS-Made-Simple-2.2.9-Unauthenticated-SQL-Injection-Exploit-CVE-2019-9053- | POC详情 |
| 36 | Unauthenticated SQL injection exploit for CVE-2019-9053 in CMS Made Simple <= 2.2.9. Extracts admin creds with time-based SQLi. | https://github.com/so1icitx/CVE-2019-9053 | POC详情 |
| 37 | None | https://github.com/Threekiii/Awesome-POC/blob/master/CMS%E6%BC%8F%E6%B4%9E/CMS%20Made%20Simple%20%28CMSMS%29%20%E5%89%8D%E5%8F%B0SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%20CVE-2019-9053.md | POC详情 |
| 38 | https://github.com/vulhub/vulhub/blob/master/cmsms/CVE-2019-9053/README.md | POC详情 | |
| 39 | CVE-2019-9053. | https://github.com/del0x3/CVE-2019-9053-port-py3 | POC详情 |
| 40 | CMS Made Simple ≤ 2.2.9 SQL Injection Vulnerability CVE-2019-9053 is a vulnerability found in CMS Made Simple (CMSMS) versions up to 2.2.9, where the application is vulnerable to a blind time-based SQL injection | https://github.com/kaizoku73/CVE-2019-9053 | POC详情 |
| 41 | Exploits Python cve-2019-9053– by HackHeart | https://github.com/Hackheart-tech/-exploit-lab | POC详情 |
| 42 | This is modified code of 46635 exploit from python2 to python3. | https://github.com/d3athcod3/46635.py_CVE-2019-9053 | POC详情 |
| 43 | None | https://github.com/h3x0v3rl0rd/CVE-2019-9053 | POC详情 |
| 44 | CVE-2019-9054 exploit added support for python3 + bug fixes | https://github.com/0xftorres/CVE-2019-9053-Fixed | POC详情 |
| 45 | None | https://github.com/Kalidas-7/CVE-2019-9053 | POC详情 |
暂无评论