CVE-2022-24124

Simple Java project showcases two vulnerabilities - a SQL injection and a RCE that although simplified were inspired from two real-word CVEs

Simple Java Demo This simple Java project showcases two vulnerabilities - a SQL injection and a RCE Although these have been distilled into simple examples they were inspired by two real CVEs that were detected You will be able see the two vulnerabilities that CI Fuzz detected and step into the code directly to see the underlying cause The fixed branch is re-fuzzed and the v

Dump SQL database version on host running Casdoor < 1.13.1

POC for CVE-2022-24124 Exploit Code for CVE-2022-24124 aka Casdoor SQL Injection Exploit Links: [ExploitDB-50792] [PacketStormSecurity] Expected outcome: Dump SQL database version on host running Casdoor &lt; 1131 Intended only for educational and testing in corporate environments Exploit Usage Barricade➜ go run exploitgo -u 127001:8080 -=Casdoor SQL Inje

CVE-2022-24124 exploit

前言 Casdoor是一个基于OAuth 20/OIDC的中心化的单点登录（SSO）身份验证平台 编号 CVE编号:CVE-2022-24124 CNPD编号:CNPD-202201-7304 影响版本 危险等级：高 ( 75 HIGH ) POC/EXP：已公开 Casdoor &lt; Casdoor 1131 //1131版本之前均受影响 漏洞简介 此漏洞属于Sql注入漏洞，在查询API 存在与字段和值参数相

POC for CVE-2022-24124

POC for CVE-2022-24124 Exploit Code for CVE-2022-24124 aka Casdoor SQL Injection Exploit Links: [ExploitDB-50792] [PacketStormSecurity] Expected outcome: Dump SQL database version on host running Casdoor &lt; 1131 Intended only for educational and testing in corporate environments Exploit Usage Barricade➜ go run exploitgo -u 127001:8080 -=Casdoor SQL Inje

CVE-2022-24124 exploit

前言 Casdoor是一个基于OAuth 20/OIDC的中心化的单点登录（SSO）身份验证平台 编号 CVE编号:CVE-2022-24124 CNPD编号:CNPD-202201-7304 影响版本 危险等级：高 ( 75 HIGH ) POC/EXP：已公开 Casdoor &lt; Casdoor 1131 //1131版本之前均受影响 漏洞简介 此漏洞属于Sql注入漏洞，在查询API 存在与字段和值参数相