
CVE-2019-9053 PoC — CMS Made Simple SQL Injection Vulnerability

Source
Associated Vulnerability
Title: CMS Made Simple SQL Injection Vulnerability (CVE-2019-9053)
Description: An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
Description
The exploit is edited to work with different text encodings and Python 3 and is compatible with CMSMS version 2.2.9 and below.
Readme
# CVE-2019-9053 Exploit (Python 3)
This repository contains an exploit for the vulnerability CVE-2019-9053 found in the CMS Made Simple (CMSMS) software. The exploit has been modified to work with Python 3 and is compatible with CMSMS version 2.2.9 and below.

## Description
CVE-2019-9053 is a time-based blind SQLi vulnerability which enables an attacker to enumerate the database, extracting information by monitoring delays in the application's responses. The vulnerability is present in versions of CMSMS equal to or below 2.2.9.

## Exploit Details
The provided Python script is designed to extract data from the database, then optionally crack extracted hashes using a provided wordlist and different encodings. It attempts to open the specified wordlist file using various encodings and checks if the computed MD5 hash of the encoded password matches the target password.

The code has been edited to work with Python 3 and includes support for different types of encodings. It uses the hashlib library to compute MD5 hashes and performs necessary string manipulations to handle encoding and decoding operations.

## Usage
```
Usage: exploit.py [options]

Options:
  -h, --help            show this help message and exit
  -u URL, --url=URL     Base target uri (ex. http://10.10.10.100/cms)
  -w WORDLIST, --wordlist=WORDLIST
                        Wordlist for crack admin password
  -c, --crack           Crack password with wordlist
  -t TIME, --time=TIME  Time for SQLIi time based attack, default = 1
                        (second). The slower your internet is the larger this
                        number should be.
```

When you run the script it will pull down the password hash's salt, then the username, then the email, then the password hash, letter by letter.
If it moves on from one of these extracted strings and the string seems short (i.e. it is only around 3 or 4 characters long), you should exit the program and re-run it with the `--time` option set to a larger value.
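From the defender's side, the same facts (the News module, the `m1_idlist` parameter, one request per recovered character, delays introduced by the payload) give a simple access-log check. The following Python is an added example, not part of this repository or the original PoC: it flags requests whose `m1_idlist` value is not the comma-separated list of numeric article ids the parameter is assumed to carry, tags values that contain delay functions, and counts probes per client so a letter-by-letter extraction shows up as a burst. The log lines, script path and client addresses are constructed for the demonstration.

```python
import re
from collections import Counter
from urllib.parse import urlparse, parse_qs

# Constructed sample access-log lines (combined-log style). The script path and
# client addresses are invented; only the m1_idlist parameter comes from the advisory.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Mar/2019:12:00:01 +0000] "GET /cms/index.php?mact=News,m1_,default,0&m1_idlist=1,2,3 HTTP/1.1" 200 5123
10.0.0.9 - - [10/Mar/2019:12:00:02 +0000] "GET /cms/index.php?mact=News,m1_,default,0&m1_idlist=1,sleep(3) HTTP/1.1" 200 5123
10.0.0.9 - - [10/Mar/2019:12:00:06 +0000] "GET /cms/index.php?mact=News,m1_,default,0&m1_idlist=1%27 HTTP/1.1" 500 312
10.0.0.7 - - [10/Mar/2019:12:00:07 +0000] "GET /cms/index.php?page=about HTTP/1.1" 200 2210
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Assumption: a legitimate m1_idlist is a comma-separated list of numeric article ids.
VALID_IDLIST = re.compile(r"^\d+(,\d+)*$")
# Functions typically used to introduce a measurable delay in blind time-based probes.
TIME_BASED = re.compile(r"\b(sleep|benchmark|waitfor)\b", re.IGNORECASE)

def classify_request(line):
    """Return a finding dict for a suspicious m1_idlist request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    query = parse_qs(urlparse(m.group("target")).query, keep_blank_values=True)
    if "m1_idlist" not in query:
        return None
    value = query["m1_idlist"][0]  # parse_qs already percent-decodes the value
    if VALID_IDLIST.match(value):
        return None
    return {
        "ip": m.group("ip"),
        "ts": m.group("ts"),
        "status": int(m.group("status")),
        "value": value,
        "time_based": bool(TIME_BASED.search(value)),
    }

def scan_log(text):
    """Scan a whole log; returns the findings in log order."""
    return [f for f in map(classify_request, text.splitlines()) if f]

def probes_per_ip(findings):
    """Letter-by-letter extraction means many probes from one client: count them per IP."""
    return Counter(f["ip"] for f in findings)
```

Run `scan_log(SAMPLE_LOG)` to see the two flagged requests from `10.0.0.9`; feeding a real log through `probes_per_ip` turns a slow extraction into a single high count.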

## Disclaimer
This exploit script is provided for educational purposes only. The authors do not promote or endorse any unauthorized use or exploitation of vulnerabilities. The responsibility for any illegal or unethical use of this script lies solely with the user.

### Please use this script responsibly and with proper authorization.



File Snapshot

[4.0K] /data/pocs/9e0e4b7e3f1c1fe49b1167b69e2a40c1cc9fa33a
├── [6.9K] csm_made_simple_injection.py
└── [2.3K] README.md

0 directories, 2 files