Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-9053 PoC — CMS Made Simple SQL注入漏洞

Source
https://github.com/CaelumIsMe/CVE-2019-9053-POC
Associated Vulnerability
Title:CMS Made Simple SQL注入漏洞 (CVE-2019-9053)
Description:An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
Readme
# CMS Made Simple < 2.2.10 SQL Injection Exploit

![Exploit Banner](https://img.shields.io/badge/Exploit-EDB%2046635-blue?style=flat-square)

## 🚨 Educational SQL Injection Exploit 🚨

**Author:** Daniele Scanu  
**Reference:** [Exploit-DB 46635](https://www.exploit-db.com/exploits/46635)  
**CVE:** [CVE-2019-9053](https://nvd.nist.gov/vuln/detail/CVE-2019-9053)

---

> **⚠️ Disclaimer:**
> This script is for **educational and authorized testing** purposes only. Do not use it on systems you do not own or have explicit permission to test. The author and contributors are not responsible for any misuse or damage caused by this tool.

---

## 🎯 What is this?

This is a Python 3 exploit script for the **Unauthenticated SQL Injection vulnerability** in CMS Made Simple versions **< 2.2.10**. It automates the extraction of sensitive information (salt, username, email, password hash) from a vulnerable CMS instance using a time-based blind SQL injection.

## 🕹️ Features
- Extracts admin salt, username, email, and password hash
- Optional password cracking with a supplied wordlist
- Colorful, interactive terminal output
- Fully Python 3 compatible

## 📚 References
- [Exploit-DB Entry 46635](https://www.exploit-db.com/exploits/46635)
- [CMS Made Simple Official Site](https://www.cmsmadesimple.org/)

## 🚀 Usage

```bash
python cms_exploit.py -u http://target-uri
```

To attempt password cracking with a wordlist:

```bash
python cms_exploit.py -u http://target-uri --crack -w /path/to/wordlist.txt
```

### Example
```
python cms_exploit.py -u http://10.10.10.100/cms
```

## 🛠️ Requirements
- Python 3.x
- `requests` library
- `termcolor` library

Install dependencies with:
```bash
pip install requests termcolor
```

## 🧩 How it Works
- Performs a time-based blind SQL injection to enumerate the salt, username, email, and password hash of the admin user.
- Optionally cracks the password hash using a supplied wordlist and the extracted salt.

## 🎨 Output
The script provides a colorful, step-by-step output of the extraction and cracking process, making it both informative and fun to watch!

---

## 👾 For Fun & Learning
This script is a great way to learn about SQL injection, time-based attacks, and password cracking. Use it responsibly, and always with permission!

---

## 📝 License
This project is for educational use only. No warranty, no guarantees. Have fun, hack ethically, and stay curious!
File Snapshot

 [4.0K]  /data/pocs/0bc57697bec5b7e3971dbb309be29f006c2c8fcf
├── [6.5K]  cms_exploit.py
└── [2.5K]  README.md

1 directory, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →