CVE-2019-9053 PoC — CMS Made Simple SQL注入漏洞

Source

https://github.com/FedericoTorres233/CVE-2019-9053-Fixed

Associated Vulnerability

Title:CMS Made Simple SQL注入漏洞 (CVE-2019-9053)
Description:An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.

Description

CVE-2019-9054 exploit added support for python3 + bug fixes

Readme

### *The user assumes all responsibility for any action taken using this tool. If these terms are not acceptable to you, please do not use this tool. Use it only in environments where you are permitted to perform pentesting activities*
# Bug fixes for the [CVE-2019-9053 exploit](https://www.exploit-db.com/exploits/46635)
Some bug fixes for the CVE-2019-9053 exploit, affecting CMS Made Simple < 2.2.10 that uses SQL Injection. I found this bug while doing the [Simple CTF at TryHackMe](https://tryhackme.com/r/room/easyctf)

* Link to the original exploit [here](https://www.exploit-db.com/exploits/46635)

<div align="center">

<img src="screenshot.png" />

</div>

## How to fix this bug

1) Clone the repository
```
git clone https://github.com/FedericoTorres233/CVE-2019-9053-Fixed
```

2) Create a file named cve.py and copy the contents of the [raw file](https://www.exploit-db.com/raw/46635) or [download it](https://www.exploit-db.com/exploits/46635)
```
touch cve.py
```

3) Apply the patch
```
patch cve.py < cve.diff
```

4) Execute the command using `python3`

File Snapshot


 [4.0K]  /data/pocs/344db167d70b7ddb24482bdfe9446b5a29fcdadd
├── [2.1K]  cve.diff
├── [1.0K]  README.md
└── [152K]  screenshot.png

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!