Related vulnerability
Title:
GLPI SQL injection vulnerability
(CVE-2025-24799)
Description: GLPI is an open-source IT and asset management software package from the GLPI project. It provides a full-featured interface for managing IT resources, which you can use to build a database covering computers, monitors, servers, printers, network equipment, telephones, and even toner and ink cartridges. GLPI contains a SQL injection vulnerability in an inventory endpoint, which could lead to unauthorized operations.
Introduction
# CVE-2025-24799 SQLi Scanner
A fast SQL injection vulnerability scanner written in Python. It uses time-based SQLi detection with multithreading and colored output, and is designed to test for CVE-2025-24799.
---
## Features
- Scans single URLs or lists from files
- Shows vulnerable URLs live as they're found
- Multithreaded for speed
- Colorful CLI output
- Option to save results
---
## Installation
1. Clone the repo:
```bash
git clone https://github.com/MuhammadWaseem29/CVE-2025-24799.git
cd CVE-2025-24799
```
2. Install required packages:
```bash
pip install requests colorama
```
---
## Usage
Run with Python 3:
### Scan a Single URL
```bash
python3 exploit.py -u http://example.com
```
Output:
```
[VULN] http://example.com/index.php/ajax/ - Delay: 7.40s
```
### Scan URLs from a File
```bash
python3 exploit.py -f urls.txt -t 15
```
Output:
```
Scanning: 100/1000 (10.0%)
[VULN] http://example.com/index.php/ajax/ - Delay: 7.10s
```
### Save Results to a File
```bash
python3 exploit.py -f urls.txt -o results.txt -t 10
```
Output:
```
Scanning: 50/500 (10.0%)
[VULN] http://test.com/index.php/ajax/ - Delay: 7.20s
[+] Results saved to results.txt
```
Validate any reported hit manually, for example with `curl`, by timing a plain request and the payload request against the same endpoint before reporting it; a single long delay can also be network latency or a slow host.
### Options
- `-u <URL>`: Single URL to scan
- `-f <FILE>`: File with URLs (one per line)
- `-o <FILE>`: Save results to file
- `-t <NUM>`: Number of threads (default: 10)
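The scanner's detection rule (a long delay at `/index.php/ajax/` marks a hit) and the manual validation step above both become more trustworthy when the payload request is compared against a baseline instead of an absolute threshold. The block below is an added example, not code from `exploit.py` or from the GLPI project: it measures the median delay of payload requests against the median of unmodified requests over several samples, and scans a URL list concurrently the way the `-t` option suggests. The `delay` query parameter, the payload string and the local mock endpoint are assumptions made for the demo, not the CVE-2025-24799 injection; a tester supplies the real payload and the delay it is expected to cause.

```python
"""Time-based SQLi check with a baseline, as an added example (not exploit.py).

Assumptions not taken from the page: the tester supplies the payload that is
expected to delay the response; here a local mock server stands in for the
target and sleeps when it sees a hypothetical `delay` query parameter.
"""
import statistics
import threading
import time
import urllib.request
from concurrent.futures import ThreadPoolExecutor
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import parse_qs, urlparse


def timed_get(url, timeout):
    """Issue one GET and return (status, seconds elapsed); errors yield status 0."""
    start = time.monotonic()
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            status = resp.status
            resp.read()
    except Exception:  # connection refused, timeout, HTTP error: all count as "no answer"
        status = 0
    return status, time.monotonic() - start


def is_time_based_injectable(url, payload, expected_delay, samples=3):
    """Compare the median delay of payload requests against a median baseline.

    An absolute rule such as "more than 7 s" misfires on slow hosts; the
    difference to an unmodified request, over several samples, is what makes a
    time-based hit credible. Returns (hit, delta_seconds).
    """
    timeout = expected_delay * 3 + 5  # never shorter than the delay we hope to see
    baseline = [timed_get(url, timeout)[1] for _ in range(samples)]
    injected = [timed_get(url + payload, timeout)[1] for _ in range(samples)]
    delta = statistics.median(injected) - statistics.median(baseline)
    return delta >= 0.7 * expected_delay, delta  # 30% tolerance for jitter


def scan(urls, payload, expected_delay, threads=10):
    """Check many URLs concurrently; returns [(url, delta)] for those that hit."""
    def probe(u):
        hit, delta = is_time_based_injectable(u, payload, expected_delay)
        return u, hit, delta

    with ThreadPoolExecutor(max_workers=threads) as pool:
        results = list(pool.map(probe, urls))
    return [(u, round(d, 2)) for u, hit, d in results if hit]


class _MockEndpoint(BaseHTTPRequestHandler):
    """Constructed stand-in for a vulnerable endpoint: sleeps when `delay` is present."""
    sleep_seconds = 0.6

    def do_GET(self):
        if "delay" in parse_qs(urlparse(self.path).query):
            time.sleep(self.sleep_seconds)  # simulated time-based sink
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"ok")

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_mock_server():
    """Start the mock on a random loopback port; returns (server, base_url)."""
    srv = ThreadingHTTPServer(("127.0.0.1", 0), _MockEndpoint)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}/index.php/ajax/"


if __name__ == "__main__":
    srv, base = start_mock_server()
    print(is_time_based_injectable(base, "?delay=1", 0.6))  # hit on the sleeping path
    print(is_time_based_injectable(base, "?id=1", 0.6))     # no hit without the sleep
    print(scan([base], "?delay=1", 0.6, threads=2))
    srv.shutdown()
```

Against a real target, replace the mock with the URL list from `-f`, pass the actual payload and the delay it should induce, and keep the sample count at three or more; a hit that only appears once and disappears on re-measurement is latency, not injection.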
---
## Sample Output
```
╔════════════════════════════╗
║ Noob-Wasi SQLi Scanner     ║
║ Coded by: Noob-Wasi        ║
║ Version: 1.0               ║
╚════════════════════════════╝
Starting SQL injection scan...
Scanning: 200/3494 (5.7%)
[VULN] http://152.67.42.99/index.php/ajax/ - Delay: 7.40s
Scanning: 745/3494 (21.3%)
Scan completed!
```
---
## Notes
- Requires Python 3.x
- Test only on systems you have permission to scan
- Adjust threads (`-t`) based on your system/network
---
**Author**: Noob-Wasi
**GitHub**: [github.com/MuhammadWaseem29](https://github.com/MuhammadWaseem29)
File snapshot
[4.0K] /data/pocs/e8609be83b4060f8fa3b833961a4918cedf0eea8
├── [5.2K] exploit.py
└── [2.3K] README.md
0 directories, 2 files
Notes
1. Accessing the POC through its original source is recommended.
2. If the source is unavailable or inaccessible, send an email to f.jinxu#gmail.com (replace # with @) to request the local snapshot.
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.