Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-24124 PoC — Casdoor SQL注入漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-24124.yaml
Associated Vulnerability
Title:Casdoor SQL注入漏洞 (CVE-2022-24124)
Description:Casdoor是开源的一个身份和访问管理 (IAM) / 单点登录 (SSO) 平台,带有支持 OAuth 2.0 / OIDC 和 SAML 身份验证的 Web UI 。 Casdoor 1.13.1 之前存在安全漏洞,该漏洞允许攻击者通过api/get-organizations进行攻击。
Description
Casdoor version 1.13.0 suffers from a remote unauthenticated SQL injection vulnerability via the query API in Casdoor before 1.13.1 related to the field and value parameters, as demonstrated by api/get-organizations.
File Snapshot

 id: CVE-2022-24124

info:
  name: Casdoor 1.13.0 - Unauthenticated SQL Injection
  author: cckuailon

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.