POC details: 3176cff65a666363b4bf263b7f33cc63be6d0129

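Source
Related vulnerability
Title: phpIPAM SQL injection vulnerability (CVE-2022-23046)
Description: phpIPAM is an open-source IP address management (IPAM) application based on PHP and MySQL. PhpIPAM v1.4.4 contains a SQL injection vulnerability: an authenticated admin user can insert SQL statements into the subnet parameter when searching for a subnet via app/admin/routing/edit-bgp-mapping-search.php.
Description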
SQL Injection Vulnerability on PhpIPAM v1.4.4
Introduction
# CVE-2022-23046

PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL statements in the "subnet" parameter while searching for a subnet via app/admin/routing/edit-bgp-mapping-search.php.

# Installation

1. Build 
```bash
git clone https://github.com/dnr6419/CVE-2022-23046.git
cd CVE-2022-23046 && docker-compose up -d
pip3 install -r requirements.txt    # or: pip install -r requirements.txt
python3 CVE-2022-23046.py -h        # or: python CVE-2022-23046.py -h
```
2. Setup
  2-1. Go to http://[YOUR_IP] and choose [New phpipam installation].<br>
  <img src="https://user-images.githubusercontent.com/43310843/153968318-0a3b46e9-f1d6-4e90-9f62-0bd02314d999.png" width="70%" height="20%">
  2-2. Choose [Automatic database installation].<br>
  2-3. The MySQL username and password are "root"/"my_secret_mysql_root_pass".<br>
  <img src="https://user-images.githubusercontent.com/43310843/153968762-a36f7260-e408-455e-a575-08b92458139d.png" width="70%" height="20%">
  2-4. Set the password and log in to check that the installation is complete.<br>
  <img src="https://user-images.githubusercontent.com/43310843/153968865-ddbfc133-d695-4a91-8754-d1882b31b869.png" width="70%" height="20%">

# Exploit

```bash
  python3 CVE-2022-23046.py --url http://localhost --user admin
  # and input your password
```
<img src="https://user-images.githubusercontent.com/43310843/153969081-fc1ac148-f827-4003-b477-103e5b0f78ac.png" width="70%" height="20%">

# Reference
 https://github.com/jcarabantes/CVE-2022-23046.git<br>
 https://hub.docker.com/r/phpipam/phpipam-www
File snapshot

```
[4.0K] /data/pocs/3176cff65a666363b4bf263b7f33cc63be6d0129
├── [3.2K] CVE-2022-23046.py
├── [ 953] docker-compose.yml
├── [1.5K] README.md
├── [  37] requirements.txt
└── [4.0K] res
    ├── [2.4K] functions.py
    ├── [   0] __init__.py
    ├── [2.1K] payloads.py
    └── [4.0K] __pycache__
        ├── [2.4K] functions.cpython-39.pyc
        ├── [ 149] __init__.cpython-39.pyc
        └── [1.8K] payloads.cpython-39.pyc

2 directories, 10 files
```