CVE-2022-0944

This repository contains a Python-based exploit for CVE-2022-0944, targeting SQLPad's `/api/test-connection` endpoint to achieve blind RCE via a crafted payload. The exploit sends a reverse shell to a specified attacker IP and port.

This is a functional proof-of-concept exploit for CVE-2022-0944, targeting SQLPad's RCE vulnerability via the test-connection API endpoint. It leverages a reverse shell payload executed through a crafted name parameter in the API request.

This exploit leverages a template injection vulnerability in SQLPad to achieve remote command execution. The PoC sends a crafted JSON payload to the `/api/test-connection` endpoint, injecting a Node.js child process execution command.

This repository contains a functional proof-of-concept exploit for CVE-2022-0944, targeting SQLPad. The exploit leverages a remote code execution vulnerability by injecting a reverse shell payload via the API endpoint.

This PHP exploit targets CVE-2022-0944 in SQLPad, leveraging a template injection vulnerability to execute arbitrary commands and establish a reverse shell. The payload injects a Node.js child_process.exec call to spawn a bash reverse shell.

This repository contains a functional privilege escalation exploit for CVE-2022-0944, targeting a vulnerability in the Linux kernel's OverlayFS subsystem. The exploit leverages improper file handling to escalate privileges, with a detailed README providing mitigation steps and detection methods.

This is a functional PoC for CVE-2022-0944, an RCE vulnerability in SQLPad. It exploits a server-side template injection flaw to execute arbitrary commands, demonstrated via a reverse shell payload.

The repository contains a functional exploit for CVE-2022-0944, targeting a privilege escalation vulnerability in OverlayFS. The exploit leverages crafted file operations to gain root privileges on affected Linux kernels (5.8 <= kernel < 5.16.12).

This Bash script exploits CVE-2022-0944 in SQLPad 6.10.0 by injecting malicious commands into the MySQL connection settings, leveraging Node.js `child_process` to achieve remote code execution (RCE) via a reverse shell.

This is a functional PoC exploit for CVE-2022-0944, which leverages a template injection vulnerability in the target software to achieve remote code execution (RCE). The exploit automates the process by sending a malicious payload to the API endpoint and optionally setting up a listener to capture command output.