CVE-2022-24124

This Go script exploits an unauthenticated SQL injection vulnerability in Casdoor versions prior to 1.13.1 by injecting a payload into the 'field' parameter of the '/api/get-organizations' endpoint to dump the database version.

This is a functional proof-of-concept exploit for CVE-2022-24124, an unauthenticated SQL injection vulnerability in Casdoor versions prior to 1.13.1. The exploit leverages the `updatexml` function to extract the database version via an error-based SQL injection technique.

This repository contains a Python-based proof-of-concept (PoC) scanner for CVE-2022-24124, a SQL injection vulnerability in Casdoor versions prior to 1.13.1. The script tests for the vulnerability by sending a crafted request to the `/api/get-organizations` endpoint and checking for the presence of 'XPATH' in the response.

This repository contains a functional Go-based exploit for CVE-2022-24124, a SQL injection vulnerability in Casdoor versions prior to 1.13.1. The exploit sends a crafted HTTP request to the `/api/get-organizations` endpoint, triggering an XPath error that leaks the database version.

This is a functional proof-of-concept exploit for CVE-2022-24124, an unauthenticated SQL injection vulnerability in Casdoor versions prior to 1.13.1. The exploit leverages the `updatexml` function to extract the database version via an error-based SQL injection technique.

The repository contains a Python script that scans for CVE-2022-24124, a SQL injection vulnerability in Casdoor's API. It checks for the presence of the 'XPATH' string in the response to determine if the target is vulnerable.

The repository contains a functional Python script that exploits CVE-2022-24124, a SQL injection vulnerability in Casdoor's API. The script sends a crafted request to the `/api/get-organizations` endpoint with an `updatexml` payload to trigger the vulnerability and checks for the presence of 'XPATH' in the response to confirm exploitation.