Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-9053 PoC — CMS Made Simple SQL注入漏洞

Source
https://github.com/del0x3/CVE-2019-9053-port-py3
Associated Vulnerability
Title:CMS Made Simple SQL注入漏洞 (CVE-2019-9053)
Description:CMS Made Simple(CMSMS)是CMSMS团队的一套开源的内容管理系统(CMS)。该系统支持基于角色的权限管理系统、基于向导的安装与更新机制、智能缓存机制等。 CMSMS 2.2.8版本中存在SQL注入漏洞,该漏洞源于基于数据库的应用缺少对外部输入SQL语句的验证。攻击者可利用该漏洞执行非法SQL命令。
Description
CVE-2019-9053.
Readme
# CVE-2019-9053 Exploit - Python 3

This is a Python 3 port of the CVE-2019-9053 exploit, which targets CMS Made Simple (CMSMS) versions before 2.2.10. The vulnerability allows for SQL injection through the News module interface.
## Example Output
Tested on the [TryHackMe Simple CTF Challenge](https://tryhackme.com/room/easyctf).

![Exploit Output](images/image.png)

## Description

The exploit takes advantage of a SQL injection vulnerability in the CMS Made Simple News module. It can:
- Extract the CMS salt
- Dump admin username
- Dump admin email
- Dump admin password hash
- Optionally crack the password using a provided wordlist

## Quick Start

Download and run quickly using these commands:

```bash
# Download the exploit
curl -O https://raw.githubusercontent.com/del0x3/CVE-2019-9053-port-py3/main/exploit.py

# Download requirements
curl -O https://raw.githubusercontent.com/del0x3/CVE-2019-9053-port-py3/main/requirements.txt

# Install requirements
pip install -r requirements.txt

# Make exploit executable
chmod +x exploit.py

# Run the exploit
./exploit.py -u http://target.com/cms
```

Alternative using wget:
```bash
wget https://raw.githubusercontent.com/del0x3/CVE-2019-9053-port-py3/main/exploit.py
wget https://raw.githubusercontent.com/del0x3/CVE-2019-9053-port-py3/main/requirements.txt
pip install -r requirements.txt
chmod +x exploit.py
./exploit.py -u http://target.com/cms
```

## Requirements

- Python 3.6+
- Required packages (see requirements.txt)

## Installation

1. Clone this repository:
```bash
git clone https://github.com/del0x3/CVE-2019-9053-port-py3.git
cd CVE-2019-9053-port-py3
```

2. Install the required packages:
```bash
pip install -r requirements.txt
```

## Usage

Basic usage:
```bash
python3 exploit.py -u http://target.com/cms
```

With password cracking:
```bash
python3 exploit.py -u http://target.com/cms -c -w /path/to/wordlist.txt
```

### Arguments

- `-u, --url`: Base target URL (required)
- `-w, --wordlist`: Path to wordlist for password cracking
- `-c, --crack`: Enable password cracking mode

## Disclaimer

This tool is for educational and security research purposes only. Do not use it against systems without explicit permission.

## Credits

- Original exploit by Daniele Scanu
- Python 3 port by Del0x3

## License

MIT License
File Snapshot

 [4.0K]  /data/pocs/47182d7021632cc371e7ec3f97b4533ab9766353
├── [3.4K]  exploit.py
├── [4.0K]  images
│   └── [ 17K]  image.png
├── [ 129]  __init__.py
├── [1.0K]  LICENSE
├── [2.2K]  README.md
└── [  34]  requirements.txt

1 directory, 6 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.