WRITEUP WORKING POC
Exploit for CVE-2022-4566 - y_project RuoYi <4.7.5 - SQL Injection
AI Analysis

This repository contains a functional SQL injection PoC for CVE-2022-4566 in RuoYi 4.7.5, exploiting a vulnerability in the `/tool/gen/createTable` endpoint where SQL keyword filtering can be bypassed using `/**/` comments, leading to information disclosure via error-based SQLi.

Attack Type: SQLi
Complexity: moderate
Reliability: reliable
MITRE ATT&CK: T1189 - Drive-by Compromise; T1505 - Server Software Component
Source
Platform: Writeup
Type: poc
Files: 1
Authors: luelueking
Vulnerability: CVE-2022-4566 (y_project RuoYi <4.7.5 - SQL Injection)
Severity: MEDIUM (CVSS 5.5)