CVE-2020-9483 PoC — Apache SkyWalking SQL Injection Vulnerability

Source
Associated Vulnerability
Title: Apache SkyWalking SQL Injection Vulnerability (CVE-2020-9483)
Description: **Resolved** When H2/MySQL/TiDB is used as Apache SkyWalking storage, the metadata query through the GraphQL protocol has a SQL injection vulnerability, which allows access to unexpected data. In Apache SkyWalking 6.0.0 to 6.6.0 and 7.0.0, the H2/MySQL/TiDB storage implementations don't use the appropriate way to set SQL parameters.
Description
PoC of SQL Injection vul (CVE-2020-9483, Apache SkyWalking)
Readme
# CVE-2020-9483
## PoC of SQL Injection vul (CVE-2020-9483, Apache SkyWalking)  
Usage: `python3 CVE-2020-9483.py -ip 127.0.0.1`  
You can use this script to get the database version by SQL injection  
Click star if you like this script  
If you find this PoC helpful, please give it a star  
Result: ![Alt text](https://github.com/yukiNeko114514/CVE-2020-9483/blob/main/img/usage.PNG) 
XD
File Snapshot

[4.0K] /data/pocs/db6af33b47d377e7c6438ab069cc926dcd884258
├── [1.7K] CVE-2020-9483.py
├── [4.0K] img
│   └── [ 18K] usage.PNG
└── [ 386] README.md

1 directory, 3 files