CVE-2016-2555 PoC — ATutor SQL Injection Vulnerability

Source
Associated Vulnerability
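Title: ATutor SQL Injection Vulnerability (CVE-2016-2555)
Description: ATutor is an open-source, web-based learning content management system (LCMS) developed by the ATutor team. The system includes modules such as teaching content management, forums, and chat rooms. The include/lib/mysql_connect.inc.php file in ATutor 2.2.1 contains a SQL injection vulnerability. Remote attackers can exploit this vulnerability to execute arbitrary SQL commands.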
Description
CVE-2016-2555 Exploit 
Readme
# CVE-2016-2555 Exploit 

This exploit targets a **SQL injection vulnerability** and an **authentication weakness** in **ATutor 2.2.1**. By exploiting these vulnerabilities, an attacker can upload malicious code to achieve **Remote Code Execution (RCE)** on the vulnerable server.

## Usage

```bash
$ python3 CVE-2016-2555.py {target}:{port}
```
Example:
```bash
$ python3 CVE-2016-2555.py 127.0.0.1:8080
```
## Features

- Exploits the SQL Injection vulnerability in ATutor 2.2.1.
- Bypasses authentication to gain administrative access.
- Uploads a malicious payload to achieve RCE.

## Disclaimer

This script is provided for educational purposes only. Unauthorized use of this script against systems without proper authorization is illegal. Always ensure you have explicit permission from the system owner before running this exploit.

File Snapshot

[4.0K] /data/pocs/4684f156a9fe9d38d3c5551feccfaedc3dfdb26e
├── [4.7K] CVE-2016-2555.py
└── [ 857] README.md

0 directories, 2 files