CVE-2022-24124

This is a functional proof-of-concept exploit for CVE-2022-24124, an unauthenticated SQL injection vulnerability in Casdoor versions prior to 1.13.1. The exploit leverages the `updatexml` function to extract the database version via an error-based SQL injection technique.

This repository contains a Python-based proof-of-concept (PoC) scanner for CVE-2022-24124, a SQL injection vulnerability in Casdoor versions prior to 1.13.1. The script tests for the vulnerability by sending a crafted request to the `/api/get-organizations` endpoint and checking for the presence of 'XPATH' in the response.

This is a functional proof-of-concept exploit for CVE-2022-24124, an unauthenticated SQL injection vulnerability in Casdoor versions prior to 1.13.1. The exploit leverages the `updatexml` function to extract the database version via an error-based SQL injection technique.

The repository contains a functional Python script that exploits CVE-2022-24124, a SQL injection vulnerability in Casdoor's API. The script sends a crafted request to the `/api/get-organizations` endpoint with an `updatexml` payload to trigger the vulnerability and checks for the presence of 'XPATH' in the response to confirm exploitation.

The repository contains a Python script that scans for CVE-2022-24124, a SQL injection vulnerability in Casdoor's API. It checks for the presence of the 'XPATH' string in the response to determine if the target is vulnerable.

This Go script exploits an unauthenticated SQL injection vulnerability in Casdoor versions prior to 1.13.1 by injecting a payload into the 'field' parameter of the '/api/get-organizations' endpoint to dump the database version.