first commit

cmsms/CVE-2019-9053/README.md

@@ -0,0 +1,38 @@
+# CMS Made Simple (CMSMS) < 2.2.10 Unauthenticated SQL Injection (CVE-2019-9053)
+
+[中文版本(Chinese version)](README.zh-cn.md)
+
+CMS Made Simple (CMSMS) is a free, open source content management system to provide developers, programmers and site owners a web-based development and administration area.
+
+In the version prior to 2.2.9.1, CMS Made Simple was affected by a unauthenticated SQL injection attack, which attacker is able to gain the administrator's password or password reset token. Combining the authenticated SSTI issue ([CVE-2021-26120](https://github.com/vulhub/vulhub/tree/master/cmsms/CVE-2021-26120)), could allow an attacker to execute arbitrary code on the target server.
+
+References:
+
+- <https://www.exploit-db.com/exploits/46635>
+- <https://srcincite.io/pocs/cve-2021-26120.py.txt>
+
+## Vulnerable Environment
+
+Execute following command to start a CMS Made Simple 2.2.9.1:
+
+```
+docker compose up -d
+```
+
+After the server is started, you should install the CMS at `http://your-ip/install.php`.
+
+Following the install instructions to install the CMSMS, MySQL database address is `db`, database name is `cmsms`, username and password are both `root`.
+
+![](1.png)
+
+## Exploit
+
+Use the script on <https://www.exploit-db.com/exploits/46635> to exploit the SQL injection vulnerability:
+
+```
+python2 poc.py -u http://127.0.0.1
+```
+
+![](2.png)
+
+As you can see, the administrator's password is exposed by SQL injection.