CVE-2025-41373 PoC — TESI Gandia Integra Total SQL注入漏洞

Source

Associated Vulnerability

Description

PoC for CVE-2025-41373  Authenticated SQL Injection in Gandia Integra Total v2.1.2217.3–4.4.2236.1  

Readme

# CVE-2025-41373 – SQL Injection in Gandia Integra Total

**Author:** Byte Reaper  
**CVE:** CVE-2025-41373  
**Vulnerability:** Authenticated SQL Injection  
**Affected Path:**   /encuestas/integraweb_v4/integra/html/view/hislistadoacciones.php?idestudio=<input>

**Description:**  
This endpoint concatenates the `idestudio` parameter directly into an SQL query without proper sanitization or parameterization, allowing an attacker to inject arbitrary SQL. This PoC leverages both boolean-based and time-based techniques to detect and demonstrate the vulnerability.

## Usage

```
# Build
gcc exploit.c argparse.c -o exploit -lcurl

# Run exploit against <URL>
./exploit -u <URL>

# Verbose output
./exploit -u <URL> -v

# WAF detection mode
./exploit -u <URL> -w
Replace <URL> with the target base URL (e.g. http://127.0.0.1).
```
## References:


  - NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-41373
  
  - incibe : https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-gandia-integra-total-tesi

  
## License :
MIT License

File Snapshot

 [4.0K]  /data/pocs/7295aff0249695bbfa58f7a5c69b9404931a3fed
├── [ 24K]  exploit.c
├── [1.0K]  LICENSE
└── [1.1K]  README.md

0 directories, 3 files

Remarks