CVE-2019-9053 PoC — CMS Made Simple SQL Injection Vulnerability

Associated Vulnerability
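Title: CMS Made Simple SQL Injection Vulnerability (CVE-2019-9053)
Description: CMS Made Simple (CMSMS) is an open-source content management system (CMS) from the CMSMS team. It supports a role-based permission management system, a wizard-based installation and update mechanism, smart caching, and more. CMSMS version 2.2.8 contains a SQL injection vulnerability, which stems from the database-backed application lacking validation of externally supplied SQL statements. An attacker can exploit this vulnerability to execute unauthorized SQL commands.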
Description
Python3 version of the Python2 exploit for CVE-2019-9053
Readme
# CVE-2019-9053-Python3

## Description

This is an updated 2023 version (adapted for Python3) of the Python2 exploit for CVE-2019-9053 created by Daniele Scanu @ Certimeter Group in 2019. All I did was adapt the code for Python3. All credit goes to Daniele Scanu for the original exploit.

| Information     | Description                                               |
| --------------- | --------------------------------------------------------- |
| Exploit Title   | Unauthenticated SQL Injection on CMS Made Simple <= 2.2.9 |
| Exploit Version | Python3                                                   |
| Date            | 10-15-2023                                                |
| Author          | Doc0x1                                                    |
| Vendor Homepage | https://www.cmsmadesimple.org/                            |
| Software Link   | https://www.cmsmadesimple.org/downloads/cmsms/            |
| Version         | <= 2.2.9                                                  |
| Tested on       | Ubuntu 18.04 LTS                                          |
| CVE             | CVE-2019-9053                                             |

## Usage

### Specify a target URI and optionally a wordlist for cracking the admin password.
##### Example usage (no cracking password): 
`python3 exploit.py -u http://target-uri`
##### Example usage (with cracking password): 
`python3 exploit.py -u http://target-uri --crack -w /path-wordlist`
File Snapshot

[4.0K] /data/pocs/d7765a0de177bbba6bd2123bf8612346ed528361
├── [6.5K] exploit.py
├── [ 34K] LICENSE
├── [1.4K] README.md
└── [ 104] requirements.txt

0 directories, 4 files