CVE-2016-2555 PoC — ATutor SQL Injection Vulnerability

Source
Associated Vulnerability
Title: ATutor SQL Injection Vulnerability (CVE-2016-2555)
Description: SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php.
Description
CVE-2016-2555 Exploit 
Readme
# CVE-2016-2555 Exploit 

This exploit targets a **SQL Injection vulnerability** and an **authentication weakness vulnerability** in **ATutor 2.2.1**. By exploiting these vulnerabilities, the attacker can upload malicious code to achieve **Remote Code Execution (RCE)** on the vulnerable server.

## Usage

```bash
$ python3 CVE-2016-2555.py {target}:{port}
```
Example:
```bash
$ python3 CVE-2016-2555.py 127.0.0.1:8080
```
## Features

- Exploits the SQL Injection vulnerability in ATutor 2.2.1.
- Bypasses authentication to gain administrative access.
- Uploads a malicious payload to achieve RCE.

## Disclaimer

This script is provided for educational purposes only. Unauthorized use of this script against systems without proper authorization is illegal. Always ensure you have explicit permission from the system owner before running this exploit.

File Snapshot

```
[4.0K] /data/pocs/4684f156a9fe9d38d3c5551feccfaedc3dfdb26e
├── [4.7K] CVE-2016-2555.py
└── [ 857] README.md

0 directories, 2 files
```