## https://sploitus.com/exploit?id=30967EB0-0266-5299-B320-A1B10098A612
# CVE-2025-6907 SQLi Exploit Tool
**File:** `exploit.c`
**Author:** Byte Reaper
**Target Service:** CODE_PROJECT
**Type:** SQL Injection
---
## Overview
This is a standalone C-based SQL Injection exploit targeting the **CVE-2025-6907** vulnerability in the **CODE_PROJECT** service.
It combines multiple advanced techniques:
- Automated payload enumeration (including Boolean- and Time-based checks)
- Inline assembly syscalls for directory/process inspection
- Memory-mapping dump (`/proc/self/maps`)
- Rotating User-Agent strings
- Optional environment checks (files, folders, Apache)
- Detailed verbose output and payload address mapping
---
## Features
- **Partial & Full URL modes** (`-u / --url`, `-i / --input`)
- **Show HTTP responses** (`-r / --response`)
- **Environment checks** (`-c / --check`)
- **Verbose mode** (`-v / --verbose`):
  - Detailed `curl` logs
  - Payload pointer & length printouts
  - Memory map dump
- **Help page** (`-h / --help`) with full argument explanations
---
## Prerequisites
- Linux x86_64
- `gcc`, `make`
- `libcurl` development headers
- `argparse.h` (C argument-parser header)
---
## Installation
```bash
# Build
gcc exploit.c argparse.c -o exploit -lcurl
```
## Usage
```bash
./exploit [options]
```
### Arguments
| Short | Long | Description |
|-------|------|-------------|
| `-h` | `--help` | Show detailed help and exit. |
| `-u` | `--url` | Base URL (partial). Appends payloads to `book_car.php?fname=` by default. |
| `-i` | `--input` | Treat provided URL as full (including query). |
| `-r` | `--response` | Print HTTP response bodies for each payload attempt. |
| `-c` | `--check` | Perform environment checks (files, folders, Apache processes). |
| `-v` | `--verbose` | Enable verbose logs, payload address mapping, and memory map dump. |

### Examples
Basic scan
```bash
./exploit -u http://127.0.0.1
```
Show server responses
```bash
./exploit -u http://127.0.0.1 -r
```
Full-URI mode
```bash
./exploit -u "http://127.0.0.1
```
Environment & Apache check
```bash
sudo ./exploit -c
```
Verbose with memory map
```bash
sudo ./exploit -i http://127.0.0.1/book_car.php?fname= -v
```
OR
```bash
sudo ./exploit -i http://127.0.0.1/folder/file.php?fname=
```
## How It Works
1. **Startup checks**
   - Ensures running on Linux
   - Requires root for some operations (memory map, directory syscalls)
2. **Argument parsing**
   - Uses `argparse.h` to handle flags and options
3. **Environment inspection (`-c`)**
   - Scans `/var/www/html` for known CODE_PROJECT folders
   - Lists and classifies important PHP files
   - Checks/runs Apache service
4. **Payload injection loop**
   - Iterates a list of SQL strings (boolean, UNION, time-based…)
   - URL-encodes and sends via libcurl
   - Detects SQLi via response signatures or time delays
5. **Advanced logging (`-v`)**
   - Prints each payload's memory address and length
   - Dumps `/proc/self/maps` memory regions
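
For defenders, the traffic this loop produces is visible in web-server logs. The following is an added example, not part of the tool or its author's code: it flags requests to `book_car.php` whose `fname` value carries boolean, UNION or time-based markers, and reports sources that rotate User-Agent strings. The Apache combined log format, the signature regexes, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: Apache "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# Illustrative signatures for the payload classes the README names.
SIGNATURES = {
    "boolean": re.compile(r"'\s*(or|and)\s+['\d]", re.I),
    "union": re.compile(r"\bunion\b(\s+all)?\s+select\b", re.I),
    "time": re.compile(r"\b(sleep|benchmark)\s*\(|\bwaitfor\s+delay\b", re.I),
}
# Constructed sample log lines (documentation IP range, made-up agents).
SAMPLE = [
    '203.0.113.7 - - [01/Jul/2025:10:00:00 +0000] "GET /book_car.php?fname=alice HTTP/1.1" 200 512 "-" "agent-A"',
    '203.0.113.9 - - [01/Jul/2025:10:00:01 +0000] "GET /book_car.php?fname=%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 512 "-" "agent-A"',
    '203.0.113.9 - - [01/Jul/2025:10:00:02 +0000] "GET /book_car.php?fname=x%27%20UNION%20SELECT%20NULL--%20- HTTP/1.1" 200 512 "-" "agent-B"',
    '203.0.113.9 - - [01/Jul/2025:10:00:08 +0000] "GET /book_car.php?fname=x%27%20AND%20SLEEP(5)--%20- HTTP/1.1" 200 512 "-" "agent-C"',
]

def classify(value):
    """Return the payload classes whose signature matches a decoded value."""
    return sorted(n for n, rx in SIGNATURES.items() if rx.search(value))

def scan(lines, endpoint="book_car.php", param="fname"):
    """Flag requests to the endpoint whose parameter carries SQLi markers."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.endswith("/" + endpoint):
            continue
        # parse_qsl percent-decodes, so URL-encoded payloads are normalised.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            hits = classify(value) if key == param else []
            if hits:
                findings.append({"ip": m["ip"], "classes": hits, "ua": m["ua"]})
    return findings

def rotating_agents(findings, threshold=3):
    """Source IPs whose flagged requests used >= threshold User-Agents."""
    seen = {}
    for f in findings:
        seen.setdefault(f["ip"], set()).add(f["ua"])
    return {ip: len(u) for ip, u in seen.items() if len(u) >= threshold}

if __name__ == "__main__":
    hits = scan(SAMPLE)
    print(hits, rotating_agents(hits))
```

Pass a different `endpoint` and `param` to `scan` when the vulnerable script is deployed under another path.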
## Disclaimer
For authorized testing only. Do NOT use against systems you do not own or have explicit permission to test.
Use responsibly and ethically.
## License
This work is provided "as-is" without warranty of any kind. Use at your own risk.