# CTF, CVE-2019-9053, GTFOBins
I utilized the machines on https://tryhackme.com/ and my own ***Kali on WSL*** to do this exercise and it is part of the CTF challenge. The following information helped me solve the challenge:
- ***vim*** on https://gtfobins.github.io/gtfobins/vim/ and https://gtfobins.github.io/
- ***sudoers*** on https://help.ubuntu.com/community/Sudoers
- ***sudo*** on https://www.geeksforgeeks.org/sudo-command-in-linux-with-examples/
- ***CVE-2019-9053*** on https://nvd.nist.gov/vuln/detail/CVE-2019-9053 and https://www.exploit-db.com/exploits/46635 and https://github.com/Mahamedm/CVE-2019-9053-Exploit-Python-3/blob/main/csm_made_simple_injection.py
1. [Nmap](https://github.com/jtoalu/Nmap-Wreath) was utilized to find information about the target machine. The command ***nmap -sC -sV -O -p- -oN CTF 10.10.46.2*** can be utilized.

2. The result shows there is a website running on the target machine. Tools such as https://www.kali.org/tools/dirbuster/ and https://www.kali.org/tools/gobuster/ can be utilized to find out more about the website. The result contains several pieces of information, and ***/simple*** is the most useful one for this challenge. After navigating to the ***simple*** folder/path/directory of the website, we found a website running on https://www.cmsmadesimple.org/

3. Scroll down the webpage to find the version of the CMS, which is 2.2.8; this version is affected by ***CVE-2019-9053***. The information about ***CVE-2019-9053*** is available in the top section of this document.

4. The Python code on https://github.com/Mahamedm/CVE-2019-9053-Exploit-Python-3/blob/main/csm_made_simple_injection.py can be utilized to execute a ***SQL Injection*** on the website.

5. The wordlists utilized to crack the password are available in the TryHackMe AttackBox.

6. We found the username and password through the ***SQL Injection*** and we utilized the information to ***ssh*** into the target machine.

7. We execute ***sudo -l*** to check whether there is a possibility of ***GTFOBins*** and we found https://gtfobins.github.io/gtfobins/vim/

8. After executing ***vim -c ':!/bin/sh'*** through a regular user account, we obtain access to the ***root*** account.
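
The sudoers weakness found in steps 7 and 8 can be checked for on your own hosts. The following is an added example, not part of the original write-up: it parses ***sudo -l*** output and flags allowed commands whose binary can spawn a shell. The function name, the binary list (a small subset of GTFOBins) and the sample output are assumptions constructed for this example.

```python
import os
import re

# Illustrative subset of binaries GTFOBins lists with a sudo shell escape
# (assumption of this example; extend it from https://gtfobins.github.io/).
SHELL_ESCAPE_BINARIES = {"vim", "vi", "less", "man", "find", "awk"}

# A rule line of `sudo -l` output: "(runas) [TAG: ...] command[, command ...]"
RULE_RE = re.compile(r"^\s*\((?P<runas>[^)]*)\)\s*(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmds>.+)$")

def audit_sudo_l(output):
    """Return one finding per allowed command whose binary can spawn a shell."""
    findings = []
    for line in output.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # Defaults entries, headers and blank lines
        users = m.group("runas").split(":")[0]  # drop the optional ":group" part
        as_root = any(u.strip() in ("root", "ALL") for u in users.split(","))
        tags = set(re.findall(r"[A-Z_]+", m.group("tags")))  # tags at rule start
        # sudoers escapes a literal comma inside arguments as "\,"
        for cmd in filter(None, map(str.strip, re.split(r"(?<!\\),", m.group("cmds")))):
            binary = os.path.basename(cmd.split()[0])
            if cmd != "ALL" and binary not in SHELL_ESCAPE_BINARIES:
                continue
            # NOEXEC stops dynamically linked programs from running further commands
            noexec = "NOEXEC" in tags
            findings.append({
                "command": cmd,
                "as_root": as_root,
                "nopasswd": "NOPASSWD" in tags,
                "noexec": noexec,
                "risk": "high" if as_root and not noexec else "review",
            })
    return findings

# Constructed sample output, not taken from the challenge machine.
SAMPLE = """\
Matching Defaults entries for alice on host:
    env_reset, mail_badpass

User alice may run the following commands on host:
    (root) NOPASSWD: /usr/bin/vim
    (root) NOEXEC: /usr/bin/less /var/log/syslog
    (www-data) /usr/bin/find
    (ALL) /usr/bin/uptime
"""

if __name__ == "__main__":
    for finding in audit_sudo_l(SAMPLE):
        print(finding)
```

A "high" finding such as the ***vim*** rule is best replaced by ***sudoedit*** for the specific files the user needs to edit, or removed.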

Note to Self: https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax and https://stackoverflow.com/questions/11509830/how-to-add-color-to-githubs-readme-md-file