
CVE-2019-9053 PoC — CMS Made Simple SQL injection vulnerability

Associated Vulnerability
Title: CMS Made Simple SQL injection vulnerability (CVE-2019-9053)
Description: CMS Made Simple (CMSMS) is an open-source content management system (CMS) from the CMSMS team. It supports a role-based permission system, wizard-based installation and upgrades, smart caching, and more. CMSMS 2.2.8 contains a SQL injection vulnerability caused by the database-backed application failing to validate externally supplied input used in SQL statements. An attacker can exploit this vulnerability to execute unauthorized SQL commands.
Description
working exploit for CVE-2019-9053 
Readme
# CVE-2019-9053-exploit
working exploit for CVE-2019-9053 

I edited the original exploit and now it's working well. The original exploit had some problems, like missing syntax.

Usage: 

Example usage (no cracking password): exploit.py -u http://target-uri

Example usage (with cracking password): exploit.py -u http://target-uri --crack -w /path-wordlist

If you get this when cracking a password:

```
[*] Now try to crack password
Traceback (most recent call last):
  File "/home/home/Simple_CTF/exploit.py", line 184, in <module>
    crack_password()
  File "/home/user/Simple_CTF/exploit.py", line 53, in crack_password
    for line in dict.readlines():
                ^^^^^^^^^^^^^^^^
  File "<frozen codecs>", line 322, in decode
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xf1 in position 933: invalid continuation byte
```

Just try converting your wordlist to UTF-8:

```
iconv -f ISO-8859-1 -t UTF-8 /usr/share/wordlists/rockyou.txt > rockyou_utf8.txt
```

If it still won't work, try passwordcracker.py, but remember to change the salt and password values before you start cracking.
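The decode failure above comes from opening the wordlist in text mode with Python's default UTF-8 codec while the file contains bytes that are not valid UTF-8 (0xf1 in the traceback). As an added example that is not part of this repository, the helper below does in Python what the iconv step does on the command line, but per line, so UTF-8 entries decode unchanged and only the non-UTF-8 lines fall back to ISO-8859-1; the function names and the sample wordlist are constructed for this illustration.

```python
import tempfile
from pathlib import Path
from typing import List


def is_valid_utf8(path: str) -> bool:
    """Check whether the whole file decodes as UTF-8, which is what a plain
    text-mode open() followed by readlines() requires."""
    try:
        Path(path).read_bytes().decode("utf-8")
        return True
    except UnicodeDecodeError:
        return False


def load_wordlist(path: str) -> List[str]:
    """Read a wordlist that may mix UTF-8 and ISO-8859-1 lines.

    The file is read as bytes so that a single bad line cannot abort the
    whole read. Each line is tried as UTF-8 first; on failure it is decoded
    as ISO-8859-1, which never raises because every byte maps to a code point.
    """
    words = []
    with open(path, "rb") as fh:
        for raw in fh:
            raw = raw.rstrip(b"\r\n")
            try:
                words.append(raw.decode("utf-8"))
            except UnicodeDecodeError:
                words.append(raw.decode("iso-8859-1"))
    return words


def write_sample_wordlist() -> str:
    """Constructed sample (hypothetical data): two ASCII words, one UTF-8
    word and one ISO-8859-1 word containing the byte 0xf1. Returns the path."""
    tmp = tempfile.NamedTemporaryFile(delete=False, suffix=".txt")
    tmp.write(b"password\n123456\ncaf\xc3\xa9\nni\xf1a\n")
    tmp.close()
    return tmp.name


if __name__ == "__main__":
    sample = write_sample_wordlist()
    print("valid UTF-8:", is_valid_utf8(sample))  # False, same cause as the traceback
    print("words:", load_wordlist(sample))        # all four lines recovered
```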

File Snapshot

```
[4.0K] /data/pocs/9c338214a23404f1f904ed36e6b7cd1a80f169ee
├── [6.1K] exploit.py
├── [ 378] passwordcracker.py
└── [1.0K] README.md

0 directories, 3 files
```