关联漏洞
标题:
CMS Made Simple SQL注入漏洞
(CVE-2019-9053)
描述:CMS Made Simple(CMSMS)是CMSMS团队的一套开源的内容管理系统(CMS)。该系统支持基于角色的权限管理系统、基于向导的安装与更新机制、智能缓存机制等。 CMSMS 2.2.8版本中存在SQL注入漏洞,该漏洞源于基于数据库的应用缺少对外部输入SQL语句的验证。攻击者可利用该漏洞执行非法SQL命令。
描述
Python3 version of the Python2 exploit for CVE-2019-9053
介绍
# CVE-2019-9053-Python3
## Description
This is an updated 2023 version (adapted for Python3) of the Python2 exploit for CVE-2019-9053 created by Daniele Scanu @ Certimeter Group in 2019. All I did was adapt the code for Python3. All credit goes to Daniele Scanu for the original exploit.
| Information | Description |
| --------------- | --------------------------------------------------------- |
| Exploit Title | Unauthenticated SQL Injection on CMS Made Simple <= 2.2.9 |
| Exploit Version | Python3 |
| Date | 10-15-2023 |
| Author | Doc0x1 |
| Vendor Homepage | https://www.cmsmadesimple.org/ |
| Software Link | https://www.cmsmadesimple.org/downloads/cmsms/ |
| Version | <= 2.2.9 |
| Tested on | Ubuntu 18.04 LTS |
| CVE | CVE-2019-9053 |
## Usage
### Specify a target URI and optionally a wordlist for cracking the admin password.
##### Example usage (no cracking password):
`python3 exploit.py -u http://target-uri`
##### Example usage (with cracking password):
`python3 exploit.py -u http://target-uri --crack -w /path-wordlist`
文件快照
[4.0K] /data/pocs/d7765a0de177bbba6bd2123bf8612346ed528361
├── [6.5K] exploit.py
├── [ 34K] LICENSE
├── [1.4K] README.md
└── [ 104] requirements.txt
0 directories, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。