POC详情: 194dcf59c4e14e15ad58aa6c7e6be896dfe41390

来源
https://github.com/byteReaper77/CVE-2025-8471
关联漏洞
标题: Projectworlds Online Admission System 注入漏洞 (CVE-2025-8471)
描述:Projectworlds Online Admission System是印度Projectworlds公司的一个在线录取系统。 Projectworlds Online Admission System 1.0版本存在注入漏洞,该漏洞源于对文件/adminlogin.php中参数a_id的错误操作导致SQL注入。
描述
Exploit SQL injection in  projectworlds Online Admissions System v1.0
介绍
#  CVE-2025-8471 SQL Injection PoC

**Author**: Byte Reaper  
**CVE**: CVE-2025-8471  
**Vulnerability**: SQL Injection in “projectworlds Online Admission System v1.0”  
**Description**:  
A blind SQL injection exists in `adminlogin.php?a_id=`. This PoC sends a series of GET requests with various payloads—both two-stage (`INSERT … UNION SELECT …`, `SLEEP()`, `SELECT code …`) and “deep injection” strings—to detect and enumerate the issue via response-length differences.

---

## Requirements

- GCC (or any C compiler)
- libcurl development headers
- argparse.h && argparse.c
- POSIX-compatible system (Linux, macOS)

---

## Installation
1. Ensure you have `libcurl` and `argparse` installed (e.g. on Debian/Ubuntu: `sudo apt-get install libcurl4-openssl-dev`).
2. Compile:

   ```
   gcc exploit.c argparse.c -o exploit -lcurl
   
   ./exploit -u <TARGET_BASE_URL> [-c cookies.txt] [-v]

   -u, --url — Base URL of the target, e.g. http://vulnsite.com

   -c, --cookies — (Optional) path to a cookies file to maintain session

   -v, --verbose — Enable verbose libcurl output and full response dumps
   ```
## Example:


./exploit -u http://<TARGET> -v


This will:

Send a normal request to /adminlogin.php and record its length.

Iterate over two-stage and deep payload lists, injecting each one at ?a_id=….

Compare each injection’s response length against the baseline.

Log every payload, HTTP status (if ≥2xx), and observed length into result.log.

Payloads Tested :
Two-Stage

INSERT INTO stages (id,code) VALUES (3, 'UNION SELECT NULL --');

SELECT SLEEP(2);

SELECT code FROM stages WHERE id = 3;

Deep Injection

'/**/OR/**/1=1--, '/**/OR/**/'a'='a'--, …

Includes boolean, time-based, union, substring, order-by, like, exists, comment-style injections.

All payloads are URL-encoded via curl_easy_escape before delivery.

## References :
   - NVD : https://nvd.nist.gov/vuln/detail/CVE-2025-8471
   - CVE : https://www.cve.org/CVERecord?id=CVE-2025-8471
## License :

MIT License
文件快照

 [4.0K]  /data/pocs/194dcf59c4e14e15ad58aa6c7e6be896dfe41390
├── [ 22K]  exploit.c
├── [1.0K]  LICENSE
└── [2.1K]  README.md

0 directories, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。