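Related vulnerability
Title: ATutor SQL injection vulnerability (CVE-2016-2555)
Description: ATutor is an open-source, web-based learning content management system (LCMS) developed by the ATutor team. The system includes modules for course content management, forums, chat rooms and more. The include/lib/mysql_connect.inc.php file in ATutor 2.2.1 contains a SQL injection vulnerability. A remote attacker can exploit it to execute arbitrary SQL commands.
Description: CVE-2016-2555 Exploit
Introduction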
# CVE-2016-2555 Exploit
This exploit targets a **SQL Injection vulnerability** and an **authentication weakness vulnerability** in **ATutor 2.2.1**. By exploiting these vulnerabilities, the attacker can upload malicious code to achieve **Remote Code Execution (RCE)** on the vulnerable server.
## Usage
```bash
$ python3 CVE-2016-2555.py {target}:{port}
```
Example:
```bash
$ python3 CVE-2016-2555.py 127.0.0.1:8080
```
## Features
- Exploits the SQL Injection vulnerability in ATutor 2.2.1.
- Bypasses authentication to gain administrative access.
- Uploads a malicious payload to achieve RCE.
## Disclaimer
This script is provided for educational purposes only. Unauthorized use of this script against systems without proper authorization is illegal. Always ensure you have explicit permission from the system owner before running this exploit.
File snapshot
[4.0K] /data/pocs/4684f156a9fe9d38d3c5551feccfaedc3dfdb26e
├── [4.7K] CVE-2016-2555.py
└── [ 857] README.md
0 directories, 2 files