Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-9053 PoC — CMS Made Simple SQL注入漏洞

Source
https://github.com/ELIZEUOPAIN/CVE-2019-9053-CMS-Made-Simple-2.2.10---SQL-Injection-Exploit
Associated Vulnerability
Title:CMS Made Simple SQL注入漏洞 (CVE-2019-9053)
Description:CMS Made Simple(CMSMS)是CMSMS团队的一套开源的内容管理系统(CMS)。该系统支持基于角色的权限管理系统、基于向导的安装与更新机制、智能缓存机制等。 CMSMS 2.2.8版本中存在SQL注入漏洞,该漏洞源于基于数据库的应用缺少对外部输入SQL语句的验证。攻击者可利用该漏洞执行非法SQL命令。
Readme
# CMS-Made-Simple-2.2.10---SQL-Injection-Exploit-com-corre-o-de-Bugs
O exploit foi corrigdo para suportar o python 3

<h1> CVE-2019-9053
  <h2>Fonte de exploração original: https://www.exploit-db.com/exploits/46635
<h1> Possivel erro e sua correção </h1>

<bash>Traceback (most recent call last):
  File "46635.py", line 12, in <module>
    from termcolor import colored
ImportError: No module named termcolor
  
<h2> Correção
  
  <code> pip install termcolor
  </code>

  <h2> Exemplo de comando </h2>
  
  <code> python cve.py -u http://target --crack -w /usr/share/wordlists/best110.txt   
 </code>
  
  <h1> Exemplo de Resultado:
	  
```
  [+] Salt for password found: 18
  [+] Username found: mitw
  [+] Email found: adk
  [+] Password found: 0c01f4468d
```                                 

# Os usuários assumem total responsabilidade por quaisquer ações realizadas usando esta ferramenta.</p>
# Se esses termos não forem aceitáveis ​​para você, não use esta ferramenta.
# Por favor, use esta ferramenta apenas em ambientes onde você tem permissão para realizar atividades de teste de penetração.
# Por favor, não use esta ferramenta para qualquer propósito malicioso.


<a href="https://www.buymeacoffee.com/elizeudasdores"><img src="https://img.buymeacoffee.com/button-api/?text=Buy me a coffee&emoji=&slug=elizeudasdores&button_colour=FF5F5F&font_colour=ffffff&font_family=Cookie&outline_colour=000000&coffee_colour=FFDD00" /></a>
File Snapshot

 [4.0K]  /data/pocs/1f55d437785d61d616e20fc38a989f8ec3788a84
├── [ 849]  best110.txt
├── [6.4K]  cve.py
└── [1.4K]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.