CVE-2022-23046

This exploit demonstrates an authenticated SQL injection vulnerability in PHPIPAM 1.4.4. It authenticates with provided credentials, retrieves a session cookie, and then injects a malicious SQL query to dump user emails, passwords, and 2FA statuses.

This is a functional PoC for CVE-2022-23046, an SQL injection vulnerability in phpIPAM v1.4.4. It automates the exploitation of the vulnerability in the 'subnet' parameter of the BGP mapping search functionality, allowing authenticated admin users to extract sensitive information from the database.

This PoC exploits an authenticated SQL injection vulnerability in PHPIPAM 1.4.4 (CVE-2022-23046) to write a malicious PHP file to the target system. The exploit logs in with provided credentials, then injects a SQL payload to create a web shell.

This PoC automates SQL injection attacks against phpIPAM's edit-bgp-mapping-search.php endpoint, allowing authenticated admin users to extract sensitive information such as server details, SMTP settings, user hashes, and database schemas.

This PoC demonstrates an authenticated SQL injection vulnerability in phpIPAM 1.4.4, allowing database enumeration, file read, and file write operations via the subnet parameter in edit-bgp-mapping-search.php.