CVE-2024-2330 PoC — Netentsec NS-ASG Application Security Gateway SQL注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-2330.yaml

Associated Vulnerability

Title:Netentsec NS-ASG Application Security Gateway SQL注入漏洞 (CVE-2024-2330)
Description:Netentsec NS-ASG Application Security Gateway是中国网康（Netentsec）公司的一款应用安全网关。 Netentsec NS-ASG Application Security Gateway 6.3版本存在SQL注入漏洞，该漏洞源于/protocol/index.php中包含一些未知函数,通过参数 IPAddr导致SQL注入。

Description

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/index.php. The manipulation of the argument IPAddr leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

File Snapshot


 id: CVE-2024-2330

info:
  name: NS-ASG Application Security Gateway 6.3 - Sql Injection
  author: s

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!