GobyVuls/Casdoor/CVE-2022-24124

Casdoor 1.13 SQL injection (CVE-2022-24124)

Casdoor is an open source identity and access management (IAM) / single sign-on (SSO) platform with a web UI that supports OAuth 2.0 / OIDC and SAML authentication. Before Casdoor 1.13.1, the api/get-organizations endpoint has a SQL injection vulnerability; an attacker can use it to read sensitive information from the database, such as database users and passwords. Upgrading to Casdoor 1.13.1 or later removes the vulnerable behaviour.

FOFA query rule: banner="casdoor_session_id" || header="casdoor_session_id"

Demo

Casdoor_1_13sqli_CVE_2022_24124