POC详情: 8935a4bde76e3698b37197f7e65709c4904ad2ec

来源
关联漏洞
标题: ToDesk 安全漏洞 (CVE-2024-44542)
描述:ToDesk是中国ToDesk公司的一款专业的远程桌面软件。 ToDesk v.1.1版本存在安全漏洞,该漏洞源于存在SQL注入漏洞,允许远程攻击者通过/todesk.com/news.html参数执行任意代码。
介绍
# CVE-2024-44542

Description: todesk v1.1 was discovered to contain a SQL injection vulnerability via the title parameter at /todesk.com/news.html.

Vulnerability Type: SQL Injection

Vendor of Product: todesk

Affected Product Version: todesk - v1.1

Affected Component: todesk.com, news.html

Attack Type: Remote

Impact Information Disclosure: True

Attack Vectors: By constructing a specific URL request, an attacker can exploit the SQL injection vulnerability, for example: accessing https://todesk.com/news.html?tag_id=&title=1' AND (SELECT 6268 FROM (SELECT(SLEEP(10)))ghXo) AND 'IKlK'='IKlK.

Date Published: 2024/09/14
文件快照

[4.0K] /data/pocs/8935a4bde76e3698b37197f7e65709c4904ad2ec └── [ 629] README.md 0 directories, 1 file
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。