Related vulnerability
Title:
CMS Made Simple SQL injection vulnerability
(CVE-2019-9053)
Description: CMS Made Simple (CMSMS) is an open-source content management system (CMS) from the CMSMS team. It supports role-based permission management, wizard-based installation and updates, smart caching, and more. CMSMS 2.2.8 contains a SQL injection vulnerability that stems from the database-backed application failing to validate SQL statements built from external input. An attacker can exploit this vulnerability to execute unauthorized SQL commands.
Description
The exploit is edited to work with different text encodings and Python 3 and is compatible with CMSMS version 2.2.9 and below.
Introduction
# CVE-2019-9053 Exploit (Python 3)
This repository contains an exploit for the vulnerability CVE-2019-9053 found in the CMS Made Simple (CMSMS) software. The exploit has been modified to work with Python 3 and is compatible with CMSMS version 2.2.9 and below.
## Description
CVE-2019-9053 is a Time-Based Blind SQLi vulnerability that enables an attacker to enumerate the database, extracting information by monitoring delays in the application's responses. The vulnerability is present in CMSMS versions 2.2.9 and below.
## Exploit Details
The provided Python script is designed to extract data from the database, then optionally crack extracted hashes using a provided wordlist and different encodings. It attempts to open the specified wordlist file using various encodings and checks if the computed MD5 hash of the encoded password matches the target password.
The code has been edited to work with Python 3 and includes support for different types of encodings. It uses the hashlib library to compute MD5 hashes and performs necessary string manipulations to handle encoding and decoding operations.
## Usage
```
Usage: exploit.py [options]
Options:
-h, --help show this help message and exit
-u URL, --url=URL Base target uri (ex. http://10.10.10.100/cms)
-w WORDLIST, --wordlist=WORDLIST
Wordlist for crack admin password
-c, --crack Crack password with wordlist
-t TIME, --time=TIME Time for SQLi time based attack, default = 1
(second). The slower your internet is the larger this
number should be.
```
When you run the script it will pull down the password hash's salt, then the username, then the email, then the password hash, letter by letter.
If it moves on from one of these extracted strings and the string seems short (as in, it is only around 3 or 4 characters long), you should exit the program and rerun it with a larger `--time` value.
## Disclaimer
This exploit script is provided for educational purposes only. The authors do not promote or endorse any unauthorized use or exploitation of vulnerabilities. The responsibility for any illegal or unethical use of this script lies solely with the user.
### Please use this script responsibly and with proper authorization.
File snapshot
[4.0K] /data/pocs/9e0e4b7e3f1c1fe49b1167b69e2a40c1cc9fa33a
├── [6.9K] csm_made_simple_injection.py
└── [2.3K] README.md
0 directories, 2 files
Notes
1. It is recommended to access the code through the original source first.
2. If the source has become unavailable or cannot be accessed, send an email to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. Shenlong has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.