CVE-2019-9053 PoC — CMS Made Simple SQL注入漏洞

Source

https://github.com/e-renna/CVE-2019-9053

Associated Vulnerability

Title:CMS Made Simple SQL注入漏洞 (CVE-2019-9053)
Description:CMS Made Simple（CMSMS）是CMSMS团队的一套开源的内容管理系统(CMS)。该系统支持基于角色的权限管理系统、基于向导的安装与更新机制、智能缓存机制等。 CMSMS 2.2.8版本中存在SQL注入漏洞，该漏洞源于基于数据库的应用缺少对外部输入SQL语句的验证。攻击者可利用该漏洞执行非法SQL命令。

Description

CVE-2019-9053 Exploit for Python 3

Readme

# CVE-2019-9053

CVE-2019-9053 Exploit for Python 3

Last tested: 28-12-2021

Tested on: Python 3.10.1

Original Exploit Source: https://www.exploit-db.com/exploits/46635



Users take full responsibility for any actions performed using this tool.

If these terms are not acceptable to you, then do not use this tool.

Please use this tool only in environments where you have permissions to perform penetration testing activities.

Please do not use this tool for any malicious purpose.



## Note on wordlist character encoding
This exploit code requires a UTF-8 file as a Wordlist.

For example, if you use rockyou, which comes with Kali-Linux according to some CTF instructions, you need to change its character encoding from Latin-1 to UTF-8.

File Snapshot


 [4.0K]  /data/pocs/7eb946f1552abfcd3483ed019d4d5cbc0fdec4d2
├── [6.5K]  exploit.py
└── [ 747]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!