CarlosCorales/CVE-2019-9053-Exploit-Python-3
CVE-2019-9053 Exploit (Python 3)

This repository contains an exploit for the vulnerability CVE-2019-9053 found in the CMS Made Simple (CMSMS) software. The exploit has been modified to work with Python 3 and is compatible with CMSMS version 2.2.9 and below.

Description

CVE-2019-9053 is a time-based blind SQL injection vulnerability. It lets an attacker enumerate the database, extracting information by measuring delays in the application's responses. The vulnerability is present in CMSMS versions 2.2.9 and below.

Exploit Details

The provided Python script extracts data from the database and can then optionally crack the extracted hashes using a supplied wordlist, trying several text encodings. It opens the wordlist file under each encoding in turn and checks whether the MD5 hash computed from the encoded candidate password matches the target hash.

The code has been edited to work with Python 3 and includes support for different types of encodings. It uses the hashlib library to compute MD5 hashes and performs necessary string manipulations to handle encoding and decoding operations.

Usage

Usage: exploit.py [options]

Options:
  -h, --help            show this help message and exit
  -u URL, --url=URL     Base target uri (ex. http://10.10.10.100/cms)
  -w WORDLIST, --wordlist=WORDLIST
                        Wordlist for crack admin password
  -c, --crack           Crack password with wordlist
  -t TIME, --time=TIME  Time for SQLIi time based attack, default = 1
                        (second). The slower your internet is the larger this
                        number should be.
  -s salt, --salt=salt  Salt for password hash
  -p pass, --pass=pass  Password hash

When you run the script it pulls down the password hash's salt, then the username, then the email, and finally the password hash, one character at a time. If it moves on from one of these strings and the extracted value looks too short (for example, only 3 or 4 characters long), exit the program and rerun it with a larger --time value.

If you only want to crack the password, pass the salt and hash as arguments to the script; it will then attempt to crack the password using the provided wordlist. Example:

  python3 csm_made_simple_injection.py -u http://10.10.10.100/cms -t 4 -c -w /usr/share/wordlists/mylist.txt -p xxxxxxxxxxxxxxxxx -s yyyyyyyyyyyyyyy
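The enumeration described above leaves a distinctive trace on the server side: many requests from one client to one path, each with a different query string, whose response times split into a fast baseline and a tight slow cluster about --time seconds above it. The following detector, added here as an example and not part of the repository, looks for that pattern in access logs; the log format (combined log with the request time in seconds appended, as nginx's $request_time produces), hosts, paths and query values are all constructed for the example.

```python
import re
import statistics
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample log: combined format plus request time in seconds.
# The "probeN" values stand in for varying injected conditions.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /cms/index.php?id=1 HTTP/1.1" 200 4113 0.041
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /cms/index.php?id=1%20probe1 HTTP/1.1" 200 4113 1.044
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /cms/index.php?id=1%20probe2 HTTP/1.1" 200 4113 0.039
203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /cms/index.php?id=1%20probe3 HTTP/1.1" 200 4113 1.051
203.0.113.7 - - [01/Jan/2024:10:00:04 +0000] "GET /cms/index.php?id=1%20probe4 HTTP/1.1" 200 4113 1.038
203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /cms/index.php?id=1%20probe5 HTTP/1.1" 200 4113 0.040
198.51.100.2 - - [01/Jan/2024:10:00:00 +0000] "GET /cms/index.php?id=2 HTTP/1.1" 200 5120 0.050
198.51.100.2 - - [01/Jan/2024:10:00:20 +0000] "GET /cms/index.php?id=3 HTTP/1.1" 200 5210 2.300
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ (\d+\.\d+)$')

def parse(log_text):
    """Yield (client, path, query, seconds) for each well-formed line."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            client, target, secs = m.groups()
            parts = urlsplit(target)
            yield client, parts.path, parts.query, float(secs)

def find_timing_probes(log_text, min_requests=5, min_delay=1.0, tolerance=0.25):
    """Flag (client, path) pairs with many distinct queries whose timings form a
    fast baseline plus a tight cluster at least min_delay seconds slower."""
    groups = defaultdict(list)
    for client, path, query, secs in parse(log_text):
        groups[(client, path)].append((query, secs))
    findings = []
    for (client, path), reqs in groups.items():
        if len(reqs) < min_requests or len({q for q, _ in reqs}) < min_requests:
            continue
        times = sorted(s for _, s in reqs)
        baseline = statistics.median(times[: max(1, len(times) // 2)])
        slow = [s for s in times if s - baseline >= min_delay - tolerance]
        fast = [s for s in times if s - baseline < min_delay - tolerance]
        # An injected sleep is a constant, so the slow cluster should be tight.
        if not slow or not fast or statistics.pstdev(slow) > tolerance:
            continue
        findings.append({"client": client, "path": path, "requests": len(reqs),
                         "slow": len(slow),
                         "delay": round(statistics.median(slow) - statistics.median(fast), 1)})
    return findings
```

Tune min_requests and min_delay to the site's normal traffic; a legitimately slow page produces uniformly slow responses, not the two-cluster split the detector requires.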

Disclaimer

This exploit script is provided for educational purposes only. The authors do not promote or endorse any unauthorized use or exploitation of vulnerabilities. The responsibility for any illegal or unethical use of this script lies solely with the user.

Please use this script responsibly and with proper authorization.

About

The exploit is edited to work with different text encodings and Python 3 and is compatible with CMSMS version 2.2.9 and below.
