Vulnerability: SQL Injection in dataCompare ≤ 1.0.1

**BUG_Author:** R1ckyZ

**Affected Version:** dataCompare ≤ 1.0.1

**Vendor:** [dromara](https://github.com/dromara)

**Software:** [dataCompare](https://github.com/dromara/dataCompare)

**Vulnerability** **Files:**

- `src/main/java/com/vince/xq/project/tool/gen/controller/GenController.java`

## Description:

When executing a table creation SQL statement, the `/createTable` endpoint in `GenController` only checks whether the input is a `MySqlCreateTableStatement` but fails to properly sanitize or validate the table alias. This allows an attacker to inject malicious SQL payloads through the table alias, leading to SQL injection.

<img width="1185" height="793" alt="Image" src="https://github.com/user-attachments/assets/376ad5f7-6f63-4f12-81cb-f55eb19ed4b3" />

## Proof of Concept:

1. After logging in, access the API `/tool/gen/createTable` and pass a statement vulnerable to SQL injection via POST parameters, as shown in the image below.

<img width="1208" height="565" alt="Image" src="https://github.com/user-attachments/assets/f4845c2a-19a1-460e-965b-2e9d7f5d9318" />

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Vulnerability: SQL Injection in dataCompare ≤ 1.0.1 #12

Description:

Proof of Concept:

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Vulnerability: SQL Injection in dataCompare ≤ 1.0.1 #12

Description

Description:

Proof of Concept:

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions