CVE-2024-44542 PoC — ToDesk 安全漏洞

Source

https://github.com/alphandbelt/CVE-2024-44542

Associated Vulnerability

Title:ToDesk 安全漏洞 (CVE-2024-44542)
Description:ToDesk是中国ToDesk公司的一款专业的远程桌面软件。 ToDesk v.1.1版本存在安全漏洞，该漏洞源于存在SQL注入漏洞，允许远程攻击者通过/todesk.com/news.html参数执行任意代码。

Readme

# CVE-2024-44542

Description: todesk v1.1 was discovered to contain a SQL injection vulnerability via the title parameter at /todesk.com/news.html.

Vulnerability Type: SQL Injection

Vendor of Product: todesk

Affected Product Version: todesk - v1.1

Affected Component: todesk.com, news.html

Attack Type: Remote

Impact Information Disclosure: True

Attack Vectors: By constructing a specific URL request, an attacker can exploit the SQL injection vulnerability, for example: accessing https://todesk.com/news.html?tag_id=&title=1' AND (SELECT 6268 FROM (SELECT(SLEEP(10)))ghXo) AND 'IKlK'='IKlK.

Date Published: 2024/09/14

File Snapshot


 [4.0K]  /data/pocs/6ceb9b55da73618b3bbe4242444be0ddb432932e
└── [ 629]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!