Share
## https://sploitus.com/exploit?id=281500D0-CEF4-5D3A-B207-AFB2D8D6BAD0
# CMS Made Simple CVE-2019-9053 Exploit (Python 3)
Python 3 compatible exploit for:
* CVE-2019-9053
* CMS Made Simple < 2.2.10
* Unauthenticated Time-Based Blind SQL Injection
## Features
* Dump username
* Dump email
* Dump password hash
* Dump CMS salt
* Python 3 runnable
## Requirements
```bash
pip3 install requests termcolor
```
## Usage
```bash
python3 exploit.py -u http://target/simple
```
Example:
```bash
python3 exploit.py -u http://10.10.10.10/simple
```
## Notes
* Converted from original Python 2 ExploitDB 46635 PoC - https://www.exploit-db.com/exploits/46635
* Related practice lab - https://tryhackme.com/room/easyctf
## Vulnerable Parameter
```text
m1_idlist
```
## CVE
```text
CVE-2019-9053
```