CVE-2020-35848 PoC — Agentejo Cockpit SQL注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-35848.yaml

Associated Vulnerability

Title:Agentejo Cockpit SQL注入漏洞 (CVE-2020-35848)
Description:Agentejo Cockpit是德国Agentejo公司的一款用于管理网站结构化内容的管理系统。 Agentejo Cockpit 0.11.2之前版本存在SQL注入漏洞，该漏洞允许通过控制器Auth.php newpassword函数注入NoSQL。

Description

Agentejo Cockpit prior to 0.12.0 is vulnerable to NoSQL Injection via the newpassword method of the Auth controller, which is responsible for displaying the user password reset form.

File Snapshot


 id: CVE-2020-35848

info:
  name: Agentejo Cockpit <0.12.0 - NoSQL Injection
  author: dwisiswant0
 

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!