POC详情: 0bc57697bec5b7e3971dbb309be29f006c2c8fcf

来源
https://github.com/CaelumIsMe/CVE-2019-9053-POC
关联漏洞
标题: CMS Made Simple SQL注入漏洞 (CVE-2019-9053)
描述:CMS Made Simple(CMSMS)是CMSMS团队的一套开源的内容管理系统(CMS)。该系统支持基于角色的权限管理系统、基于向导的安装与更新机制、智能缓存机制等。 CMSMS 2.2.8版本中存在SQL注入漏洞,该漏洞源于基于数据库的应用缺少对外部输入SQL语句的验证。攻击者可利用该漏洞执行非法SQL命令。
介绍
# CMS Made Simple < 2.2.10 SQL Injection Exploit

![Exploit Banner](https://img.shields.io/badge/Exploit-EDB%2046635-blue?style=flat-square)

## 🚨 Educational SQL Injection Exploit 🚨

**Author:** Daniele Scanu  
**Reference:** [Exploit-DB 46635](https://www.exploit-db.com/exploits/46635)  
**CVE:** [CVE-2019-9053](https://nvd.nist.gov/vuln/detail/CVE-2019-9053)

---

> **⚠️ Disclaimer:**
> This script is for **educational and authorized testing** purposes only. Do not use it on systems you do not own or have explicit permission to test. The author and contributors are not responsible for any misuse or damage caused by this tool.

---

## 🎯 What is this?

This is a Python 3 exploit script for the **Unauthenticated SQL Injection vulnerability** in CMS Made Simple versions **< 2.2.10**. It automates the extraction of sensitive information (salt, username, email, password hash) from a vulnerable CMS instance using a time-based blind SQL injection.

## 🕹️ Features
- Extracts admin salt, username, email, and password hash
- Optional password cracking with a supplied wordlist
- Colorful, interactive terminal output
- Fully Python 3 compatible

## 📚 References
- [Exploit-DB Entry 46635](https://www.exploit-db.com/exploits/46635)
- [CMS Made Simple Official Site](https://www.cmsmadesimple.org/)

## 🚀 Usage

```bash
python cms_exploit.py -u http://target-uri
```

To attempt password cracking with a wordlist:

```bash
python cms_exploit.py -u http://target-uri --crack -w /path/to/wordlist.txt
```

### Example
```
python cms_exploit.py -u http://10.10.10.100/cms
```

## 🛠️ Requirements
- Python 3.x
- `requests` library
- `termcolor` library

Install dependencies with:
```bash
pip install requests termcolor
```

## 🧩 How it Works
- Performs a time-based blind SQL injection to enumerate the salt, username, email, and password hash of the admin user.
- Optionally cracks the password hash using a supplied wordlist and the extracted salt.

## 🎨 Output
The script provides a colorful, step-by-step output of the extraction and cracking process, making it both informative and fun to watch!

---

## 👾 For Fun & Learning
This script is a great way to learn about SQL injection, time-based attacks, and password cracking. Use it responsibly, and always with permission!

---

## 📝 License
This project is for educational use only. No warranty, no guarantees. Have fun, hack ethically, and stay curious!
文件快照

 [4.0K]  /data/pocs/0bc57697bec5b7e3971dbb309be29f006c2c8fcf
├── [6.5K]  cms_exploit.py
└── [2.5K]  README.md

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。