CVE-2020-35846 PoC — Agentejo Cockpit SQL注入漏洞

Source

https://github.com/JohnHammond/CVE-2020-35846

Associated Vulnerability

Title:Agentejo Cockpit SQL注入漏洞 (CVE-2020-35846)
Description:Agentejo Cockpit是德国Agentejo公司的一款用于管理网站结构化内容的管理系统。 Agentejo Cockpit 0.11.2之前版本存在SQL注入漏洞，该漏洞源于允许通过控制器Auth.php检查函数进行NoSQL注入。

Description

Python PoC for CVE-2020-35846 targeting Cockpit 0.11.1

Readme

# CVE-2020-35846 - Leak Cockpit Usernames PoC

> John Hammond | Sunday, July 25th, 2021

--------------------------------

Proof-of-concept Python script to leak Cockpit usernames with CVE-2020-35846.

![image](https://user-images.githubusercontent.com/6288722/126888786-2d37a4c6-47bc-4712-91ea-8e8c2a94fc67.png)

File Snapshot


 [4.0K]  /data/pocs/e929ab2ffc84dc5f38147d96260ae9446cbc7597
├── [1.3K]  CVE-2020-35846.py
└── [ 313]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!