
CVE-2019-9053 PoC — CMS Made Simple SQL Injection Vulnerability

Associated Vulnerability
Title: CMS Made Simple SQL Injection Vulnerability (CVE-2019-9053)
Description: An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
Description
Unauthenticated SQL injection exploit for CVE-2019-9053 in CMS Made Simple <= 2.2.9. Extracts admin creds with time-based SQLi.
Readme
# CVE-2019-9053 Exploit - CMS Made Simple Unauthenticated SQL Injection (SQLi)

An exploit script for **CVE-2019-9053**, a critical **unauthenticated SQL injection (SQLi)** vulnerability in **CMS Made Simple** versions **2.2.9 and below**. This tool leverages **time-based SQL injection** to extract **admin credentials** (username, email, password hash, and salt) from vulnerable **CMS Made Simple** sites. It also offers optional **password cracking** of the recovered hash using a wordlist. The underlying **security flaw** allows attackers to retrieve sensitive data without authentication, so exploitation of **CVE-2019-9053** can lead to **full site takeover**, **data breaches**, or **malicious code injection**, making it a significant risk for unpatched systems.

## Author
- **so1icitx**

## Features
- Tests **CMS Made Simple** for **CVE-2019-9053** vulnerability with a **time-based SQLi** check.
- Extracts **admin credentials**: salt, username, email, and password hash.
- Optional **password cracking** with a wordlist to recover plaintext passwords.
- Colorized output for easy monitoring of **SQL injection** progress.
- Debug mode displaying request URLs and response times for **vulnerability exploitation**.

## Prerequisites
- **Python 3.6+**
- Required packages:
  ```bash
  pip install requests termcolor
  ```

## Usage
```bash
python3 exploit.py -u <target_url> [options]
```

### Options
- `-u, --url`: Base URL of the **CMS Made Simple** instance (e.g., `http://example.com`) - required.
- `-w, --wordlist`: Path to a wordlist file or directory for **password cracking** (optional).
- `-c, --crack`: Enable **password cracking** mode (optional).
- `-t, --time`: Sleep time in seconds for **time-based SQL injection** (default: 5).

### Examples
- Basic **SQLi exploit**:
  ```bash
  python3 exploit.py -u http://10.10.171.64/simple
  ```
- With **password cracking**:
  ```bash
  python3 exploit.py -u http://10.10.171.64/simple -c -w /path/to/rockyou.txt
  ```
- Custom sleep time for **time-based SQLi**:
  ```bash
  python3 exploit.py -u http://10.10.171.64/simple -t 10
  ```

## Notes
- Targets must run **CMS Made Simple 2.2.9 or below** with the News module enabled.
- Exploits a flaw in `/moduleinterface.php`, allowing **unauthenticated attackers** to perform **SQL injection**.
- Adjust `--time` based on network latency (e.g., 10 seconds for slower responses).
- Wordlist directories are scanned for common files like `rockyou.txt` for **credential cracking**.
- Use responsibly on authorized systems only to avoid **data breaches** or **site compromise**.
- Contact me at `so1citix.zone242@passinbox.com` for support or issues!
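As an added defender-side example (not part of this exploit or of CMS Made Simple itself), the Python below scans web-server access logs for requests to `moduleinterface.php` whose `m1_idlist` is not the comma-separated integer list the News module expects; the combined log format and the sample entries are constructed assumptions.

```python
# Added example (hypothetical): flag CVE-2019-9053-style requests in access logs.
# The News module's m1_idlist should only ever be integers such as "1,2,3";
# anything else in that parameter on moduleinterface.php is worth alerting on.
import re
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" request line; only ip, timestamp and target are used.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Allow-list: empty, or one or more integers separated by commas.
IDLIST_OK = re.compile(r'^(\d+(,\d+)*)?$')


def classify_request(target: str):
    """Return (suspicious, reason) for one request target (path + query)."""
    parts = urlsplit(target)
    if not parts.path.endswith("/moduleinterface.php"):
        return False, "not moduleinterface.php"
    params = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    if "m1_idlist" not in params:
        return False, "no m1_idlist parameter"
    module = params.get("mact", [""])[0].split(",")[0] or "?"
    for value in params["m1_idlist"]:
        if not IDLIST_OK.match(value):
            return True, f"non-numeric m1_idlist for module {module}: {value!r}"
    return False, "numeric idlist"


def scan_log(lines):
    """Yield (ip, timestamp, reason) for every suspicious request in the log."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        suspicious, reason = classify_request(m["target"])
        if suspicious:
            hits.append((m["ip"], m["ts"], reason))
    return hits


# Constructed sample log: one benign News request, one probe, one unrelated page.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /simple/moduleinterface.php?mact=News,m1_,default,0&m1_idlist=1,2,3 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [10/Oct/2023:13:55:41 +0000] "GET /simple/moduleinterface.php?mact=News,m1_,default,0&m1_idlist=1%20AND%20SLEEP(5) HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "GET /simple/index.php?page=home HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, ts, reason in scan_log(SAMPLE_LOG):
        print(f"{ts} {ip}: {reason}")
```

Pair the parameter check with response-time monitoring on the same endpoint, since the page's technique depends on the server sleeping for `--time` seconds per request.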

## Disclaimer
This tool is for **educational** and **authorized security testing** purposes only. Unauthorized exploitation of **CVE-2019-9053** is illegal and unethical.
