add CVE-2021-44910、CVE-2022-24124

Casdoor/CVE-2022-24124/README.md

@@ -0,0 +1,9 @@
+# Casdoor 1.13 sqli (CVE-2022-24124)
+
+Casdoor is an open source identity and access management (IAM) / single sign-on (SSO) platform with a web UI that supports OAuth 2.0 / OIDC and SAML authentication. Before Casdoor 1.13.1, there is a SQL injection vulnerability in api/get-organizations, and attackers can use the vulnerability to obtain sensitive information such as database users and passwords.
+
+FOFA **query rule**: [banner="casdoor_session_id" || header="casdoor_session_id"](https://fofa.info/result?qbase64=YmFubmVyPSJjYXNkb29yX3Nlc3Npb25faWQiIHx8IGhlYWRlcj0iY2FzZG9vcl9zZXNzaW9uX2lkIg%3D%3D)
+
+# Demo
+
+![Casdoor_1_13sqli_CVE_2022_24124](Casdoor_1_13sqli_CVE_2022_24124.gif)

SpringBlade/CVE-2021-44910/README.md

@@ -0,0 +1,9 @@
+# SpringBlade Default SIGN_KRY (CVE-2021-44910)
+
+SpringBlade is a comprehensive project that coexists with the SpringCloud distributed microservice architecture and the SpringBoot monolithic microservice architecture upgraded and optimized from commercial-grade projects. The SpringBlade framework has a default SIGN_KEY, and attackers can exploit the vulnerability to obtain sensitive information such as user account password logs.
+
+FOFA **query rule**: [body="saber/iconfont.css" || body="Saber 将不能正常工作" || title="Sword Admin" || body="We're sorry but avue-data doesn't work"](https://fofa.info/result?qbase64=Ym9keT0ic2FiZXIvaWNvbmZvbnQuY3NzIiB8fCBib2R5PSJTYWJlciDlsIbkuI3og73mraPluLjlt6XkvZwifHx0aXRsZT0iU3dvcmQgQWRtaW4ifHxib2R5PSJXZSdyZSBzb3JyeSBidXQgYXZ1ZS1kYXRhIGRvZXNuJ3Qgd29yayI%3D)
+
+# Demo
+
+![SpringBlade_Default_SIGN_KRY_CVE_2021_44910](SpringBlade_Default_SIGN_KRY_CVE_2021_44910.gif)