## https://sploitus.com/exploit?id=565E6BCA-110F-5DAF-86E1-7214DA60A771
# CVE-2024-32640 MySQL Blind SQL Injection Proof of Concept

This Python script demonstrates a time-based blind SQL injection exploit for **MySQL databases**, specifically designed for **CVE-2024-32640**. It can be used to verify whether a target URL is vulnerable and, if it is, to extract information such as the current database name or the current MySQL user.

## Features

- **Vulnerability Detection**: Detects SQL injection vulnerability via time-based `SLEEP` delays.
- **Information Extraction**: Dumps specific information (e.g., database name or user) character-by-character using binary search to optimize extraction speed.
- **Proxy Support**: Optional support for running requests through a local proxy (e.g., Burp Suite on localhost:8080).
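
Seen from the server side, the technique in the feature list leaves a recognizable trace: one client sending many requests that carry a `SLEEP(n)` call, with response times split between fast and roughly `n` seconds. The following log check is an added example, not part of the original script; the log layout, paths, addresses and `COND_n` placeholders are constructed, and it assumes the injected value is visible in the logged request line.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample access log: client, request line, status, request time (s).
# COND_n is a placeholder for the per-request comparison, not a real payload.
SAMPLE_LOG = """\
198.51.100.4 "GET /page?id=1 HTTP/1.1" 200 0.038
203.0.113.7 "GET /page?id=1%20AND%20IF(COND_1,SLEEP(3),0) HTTP/1.1" 200 3.047
203.0.113.7 "GET /page?id=1%20AND%20IF(COND_2,SLEEP(3),0) HTTP/1.1" 200 0.044
203.0.113.7 "GET /page?id=1%2520AND%2520IF(COND_3,sleep%25283%2529,0) HTTP/1.1" 200 3.051
203.0.113.7 "GET /page?id=1%20AND%20IF(COND_4,SLEEP/**/(3),0) HTTP/1.1" 200 0.040
198.51.100.4 "GET /blog/how-to-sleep(well) HTTP/1.1" 200 2.900
"""

LINE_RE = re.compile(r'^(\S+) "(?:\S+) (\S+) [^"]*" \d{3} ([\d.]+)$')
SLEEP_RE = re.compile(r"\bsleep\s*\(\s*(\d+(?:\.\d+)?)\s*\)", re.I)
COMMENT_RE = re.compile(r"/\*.*?\*/", re.S)

def normalize(target: str) -> str:
    """Undo up to two layers of URL encoding and drop inline SQL comments."""
    for _ in range(2):
        target = unquote_plus(target)
    return COMMENT_RE.sub("", target)

def find_timing_probes(log_text: str, min_probes: int = 3) -> dict:
    """Per client: count SLEEP(n) requests and how many actually stalled."""
    stats = defaultdict(lambda: {"probes": 0, "slow": 0, "fast": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        client, target, elapsed = m.group(1), m.group(2), float(m.group(3))
        hit = SLEEP_RE.search(normalize(target))
        if not hit:
            continue
        entry = stats[client]
        entry["probes"] += 1
        # A response at least as long as the requested delay means the
        # injected condition evaluated true; a fast one means false.
        entry["slow" if elapsed >= float(hit.group(1)) else "fast"] += 1
    return {c: s for c, s in stats.items() if s["probes"] >= min_probes}

if __name__ == "__main__":
    for client, s in find_timing_probes(SAMPLE_LOG).items():
        print(client, s)
```

A client with a high probe count and a mix of slow and fast responses is the pattern to alert on; a single slow request with no `SLEEP(n)` in it, like the last sample line, is not flagged.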

## Requirements

- **Python 3.x**
- **Requests Library**: Install using `pip install requests`

## Usage

### Arguments

- `-u`, `--url`: Target URL for single-target testing.
- `-f`, `--file`: Path to a file containing a list of URLs to test.
- `-p`, `--proxy`: Enable proxy mode (default `localhost:8080`) to route traffic through a proxy.
- `--dump`: Specify information to extract:
  - `dbname`: Extract the name of the current database.
  - `user`: Extract the current MySQL user.

### Examples

#### Single Target Detection

To test whether a single URL is vulnerable (the command below also extracts the current MySQL user via `--dump user`):

```bash
python3 CVE-2024-32640.py -u "https://example.com" --dump user
```

#### Extract Database Name for a List of URLs

To extract the database name from multiple URLs:

```bash
python3 CVE-2024-32640.py -f urls.txt --dump dbname
```

#### Enable Proxy for Traffic Analysis

Route traffic through localhost:8080 (e.g., for use with Burp Suite):

```bash
python3 CVE-2024-32640.py -u "https://example.com" --dump user -p
```