Related vulnerability
Title:
CMS Made Simple SQL injection vulnerability
(CVE-2019-9053)
Description: CMS Made Simple (CMSMS) is an open-source content management system (CMS) from the CMSMS team. It provides role-based permission management, wizard-based installation and updates, and smart caching. CMSMS 2.2.8 contains a SQL injection vulnerability: the database-backed application does not validate externally supplied input before using it in SQL statements, so an attacker can execute arbitrary SQL commands. The NVD entry for CVE-2019-9053 records the flaw as unauthenticated blind time-based SQL injection reachable through the News module's m1_idlist parameter.
Description
The script has been remastered by Teymur Novruzov to ensure compatibility with Python 3. This tool is intended for educational purposes only. Unauthorized use of this tool on any system or network without permission is illegal. The author is not responsible for any misuse of this tool.
Introduction
# CVE-2019-9053-python3-remastered
CMS Made Simple SQL Injection Exploit (Python 3)
Overview
This repository contains a Python 3 script that exploits the blind time-based SQL injection in CMS Made Simple tracked as CVE-2019-9053. The script was remastered by Teymur Novruzov for Python 3 compatibility.
Features
Dumps the password salt, username, email, and password hash from the CMS database.
Optional password cracking feature using a wordlist.
Utilizes a time-based SQL injection approach.
Requirements
Python 3.x
Requests library (install via pip install requests)
Usage
Basic Usage
python3 exploit.py -u http://target-uri
(The file snapshot below lists the script as remastered_exploit.py; substitute that filename if your checkout uses it.)
With Password Cracking
python3 exploit.py -u http://target-uri --crack
Options
-u, --url: Specify the base target URL (e.g., http://10.10.10.100/cms)
-c, --crack: Enable password cracking using a wordlist
Example
python3 exploit.py -u http://10.10.10.100/cms
python3 exploit.py -u http://10.10.10.100/cms --crack
How It Works
Dump Salt: Extracts the salt used for hashing passwords.
Dump Username: Extracts the username from the CMS database.
Dump Email: Extracts the email associated with the user.
Dump Password: Extracts the hashed password.
Crack Password: (Optional) Attempts to crack the password using a wordlist.
Important Notes
The injection is time-based: the script decides each character by whether the injected SLEEP() makes the response take at least TIME seconds. Keep TIME comfortably above the target's normal response time including network latency, or characters will be misread; a larger TIME is more reliable but slower, because the extraction needs many requests per character.
This script is for educational purposes only. Use it responsibly and with permission.
Author
Teymur Novruzov
License
This project is licensed under the MIT License.
Example Output
[+] Salt for password found: abcdef
[+] Username found: admin
[+] Email found: admin@example.com
[+] Password found: 5f4dcc3b5aa765d61d8327deb882cf99
[*] Now try to crack password
[*] Try: password
[+] Password cracked: password
File snapshot
[4.0K] /data/pocs/24fd3eda27b7e46cc8951ab3d798ed9659180a9b
├── [8.1M] CVE-Rematesred.mp4
├── [2.2K] README.md
└── [5.8K] remastered_exploit.py
0 directories, 3 files
Notes
1. Access the original source first where possible.
2. If the source has gone offline or cannot be reached, email f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. Shenlong has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.