This is an updated 2023 version (adapted for Python3) of the Python2 exploit for CVE-2019-9053 created by Daniele Scanu @ Certimeter Group in 2019. All I did was adapt the code for Python3. All credit goes to Daniele Scanu for the original exploit.
Information | Description |
---|---|
Exploit Title | Unauthenticated SQL Injection on CMS Made Simple <= 2.2.9 |
Exploit Version | Python3 |
Date | 10-15-2023 |
Author | Doc0x1 |
Vendor Homepage | https://www.cmsmadesimple.org/ |
Software Link | https://www.cmsmadesimple.org/downloads/cmsms/ |
Version | <= 2.2.9 |
Tested on | Ubuntu 18.04 LTS |
CVE | CVE-2019-9053 |
python3 exploit.py -u http://target-uri
python3 exploit.py -u http://target-uri --crack -w /path-wordlist