Share
## https://sploitus.com/exploit?id=281500D0-CEF4-5D3A-B207-AFB2D8D6BAD0
# CMS Made Simple CVE-2019-9053 Exploit (Python 3)

Python 3 compatible exploit for:

* CVE-2019-9053
* CMS Made Simple < 2.2.10
* Unauthenticated Time-Based Blind SQL Injection

## Features

* Dump username
* Dump email
* Dump password hash
* Dump CMS salt
* Python 3 runnable

## Requirements

```bash
pip3 install requests termcolor
```

## Usage

```bash
python3 exploit.py -u http://target/simple
```

Example:

```bash
python3 exploit.py -u http://10.10.10.10/simple
```

## Notes

* Converted from original Python 2 ExploitDB 46635 PoC - https://www.exploit-db.com/exploits/46635
* Related practice lab - https://tryhackme.com/room/easyctf
## Vulnerable Parameter

```text
m1_idlist
```

## CVE

```text
CVE-2019-9053
```