CVE-2022-23046 PoC — phpIPAM SQL注入漏洞

Source

https://github.com/bernauers/CVE-2022-23046

Associated Vulnerability

Title:phpIPAM SQL注入漏洞 (CVE-2022-23046)
Description:phpIPAM是一套开源的基于PHP和MySQL的IP地址管理应用程序（IPAM）。 PhpIPAM v1.4.4版本存在SQL注入漏洞，该漏洞源于经过身份验证的管理员用户在通过app/admin/routing/edit bgp mapping search搜索子网时，可在subnet参数中插入SQL语句。

Description

Tinker Script for CVE-2022-23046

Readme

# CVE-2022-23046
### PHPIPAM 1.4.4 - SQLi (Authenticated)

[Orignal Exploit can be found here](https://www.exploit-db.com/exploits/50684)

**Original Exploit Author:** Rodolfo "Inc0gbyt3" Tavares

Tinker Script for CVE-2022-23046

I was having trouble getting the orginal script to run. Went ahead and tinkered with it for my use case. 

Used while completeing the THM room [Ollie](https://tryhackme.com/room/ollie).

File Snapshot


 [4.0K]  /data/pocs/a366e60375aad883bb6fc41e8d64e8b5a12b0b59
├── [2.4K]  cve_2022-23046.py
├── [1.0K]  LICENSE
└── [ 417]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!