## https://sploitus.com/exploit?id=565E6BCA-110F-5DAF-86E1-7214DA60A771
# CVE-2024-32640 MySQL Blind SQL Injection Proof of Concept
This Python script demonstrates a time-based blind SQL injection exploit for **MySQL databases**, specifically designed for **CVE-2024-32640**. It can be used to verify vulnerability in a target URL, and if the vulnerability exists, extract information such as the current database name or the current MySQL user.
## Features
- **Vulnerability Detection**: Detects SQL injection vulnerability via time-based `SLEEP` delays.
- **Information Extraction**: Dumps specific information (e.g., database name or user) character-by-character using binary search to optimize extraction speed.
- **Proxy Support**: Optional support for running requests through a local proxy (e.g., Burp Suite on localhost:8080).
## Requirements
- **Python 3.x**
- **Requests Library**: Install using `pip install requests`
## Usage
### Arguments
- `-u`, `--url`: Target URL for single-target testing.
- `-f`, `--file`: Path to a file containing a list of URLs to test.
- `-p`, `--proxy`: Enable proxy mode (default `localhost:8080`) to route traffic through a proxy.
- `--dump`: Specify information to extract:
- `dbname`: Extract the name of the current database.
- `user`: Extract the current MySQL user.
### Examples
#### Single Target Detection
To detect if a URL is vulnerable:
```bash
python3 CVE-2024-32640.py -u "https://example.com" --dump user
```
#### Extract Database Name for a List of URLs
To extract the database name from multiple URLs:
```bash
python3 CVE-2024-32640.py -f urls.txt --dump dbname
```
#### Enable Proxy for Traffic Analysis
Route traffic through localhost:8080 (e.g., for use with Burp Suite):
```bash
python3 CVE-2024-32640.py -u "https://example.com" --dump user -p
```