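Related vulnerability
Title:
CMS Made Simple SQL injection vulnerability
(CVE-2019-9053)
Description: CMS Made Simple (CMSMS) is an open-source content management system (CMS) from the CMSMS team. The system supports role-based permission management, wizard-based installation and update mechanisms, smart caching, and more. CMSMS version 2.2.8 contains a SQL injection vulnerability that stems from the database-backed application's lack of validation of externally supplied SQL statements. An attacker can exploit this vulnerability to execute unauthorized SQL commands.
Description
CVE-2019-9053.
Introduction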
# CVE-2019-9053 Exploit - Python 3
This is a Python 3 port of the CVE-2019-9053 exploit, which targets CMS Made Simple (CMSMS) versions before 2.2.10. The vulnerability allows for SQL injection through the News module interface.
## Example Output
Tested on the [TryHackMe Simple CTF Challenge](https://tryhackme.com/room/easyctf).

## Description
The exploit takes advantage of a SQL injection vulnerability in the CMS Made Simple News module. It can:
- Extract the CMS salt
- Dump admin username
- Dump admin email
- Dump admin password hash
- Optionally crack the password using a provided wordlist
## Quick Start
Download and run quickly using these commands:
```bash
# Download the exploit
curl -O https://raw.githubusercontent.com/del0x3/CVE-2019-9053-port-py3/main/exploit.py
# Download requirements
curl -O https://raw.githubusercontent.com/del0x3/CVE-2019-9053-port-py3/main/requirements.txt
# Install requirements
pip install -r requirements.txt
# Make exploit executable
chmod +x exploit.py
# Run the exploit
./exploit.py -u http://target.com/cms
```
Alternative using wget:
```bash
wget https://raw.githubusercontent.com/del0x3/CVE-2019-9053-port-py3/main/exploit.py
wget https://raw.githubusercontent.com/del0x3/CVE-2019-9053-port-py3/main/requirements.txt
pip install -r requirements.txt
chmod +x exploit.py
./exploit.py -u http://target.com/cms
```
## Requirements
- Python 3.6+
- Required packages (see requirements.txt)
## Installation
1. Clone this repository:
```bash
git clone https://github.com/del0x3/CVE-2019-9053-port-py3.git
cd CVE-2019-9053-port-py3
```
2. Install the required packages:
```bash
pip install -r requirements.txt
```
## Usage
Basic usage:
```bash
python3 exploit.py -u http://target.com/cms
```
With password cracking:
```bash
python3 exploit.py -u http://target.com/cms -c -w /path/to/wordlist.txt
```
### Arguments
- `-u, --url`: Base target URL (required)
- `-w, --wordlist`: Path to wordlist for password cracking
- `-c, --crack`: Enable password cracking mode
## Disclaimer
This tool is for educational and security research purposes only. Do not use it against systems without explicit permission.
## Credits
- Original exploit by Daniele Scanu
- Python 3 port by Del0x3
## License
MIT License
File snapshot
[4.0K] /data/pocs/47182d7021632cc371e7ec3f97b4533ab9766353
├── [3.4K] exploit.py
├── [4.0K] images
│ └── [ 17K] image.png
├── [ 129] __init__.py
├── [1.0K] LICENSE
├── [2.2K] README.md
└── [ 34] requirements.txt
1 directory, 6 files