CVE-2022-40032 PoC — Simple Task Managing System SQL注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-40032.yaml

Associated Vulnerability

Title:Simple Task Managing System SQL注入漏洞 (CVE-2022-40032)
Description:Simple Task Managing System是简单任务管理系统。 Simple Task Managing System 1.0版本存在安全漏洞，该漏洞源于在 login.php 中的 username 和 password 参数中存在SQL 注入，攻击者利用该漏洞可以执行任意代码并获取系统敏感信息。

Description

SQL injection occurs when a web application doesn't properly validate or sanitize user input that is used in SQL queries. Attackers can exploit this by injecting malicious SQL code into the input fields of a web application, tricking the application into executing unintended database queries.

File Snapshot


 id: CVE-2022-40032

info:
  name: Simple Task Managing System v1.0 - SQL Injection
  author: r3Y3r53

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!