Version
<=3.2.3
What's the problem
A SQL injection vulnerability exists in the /project/tasks/list interface of the rebuild system.
How to reproduce this problem
Function points
Request message:
Payload:
%25%5c%27%20or%20updatexml(1,concat(0x7e,(select+table_name+from+information_schema.tables+where+table_schema=0x72656275696c64+limit+0,1),0x7e),1)--+
Vulnerability reproduction
There you can see it!
System environment (OS/MySQL/Browser etc)
MySQL 5.7.26
Windows
JDK1.8.0_341
Chrome
Suggested description
A SQL injection vulnerability exists in rebuild <=3.2.3.
Failure to validate parameters results in a SQL injection vulnerability.
Vulnerability Type
SQLi
Vendor of Product
https://github.com/getrebuild/rebuild
Affected Product Code Base
<=3.2.3
Affected Component
/project/tasks/list
Attack Type
Remote
Cause of vulnerability
In the com.rebuild.web.project.ProjectTaskController#taskList() method, some SQL statements were customized and eventually spliced into the query statement.
Although the StringsEscapeUtils.escapeSql() method is used here to process user input, there is a bypass.
Finally, in line 122 of com.rebuild.web.project.ProjectTaskController, user input was brought into the query statement, causing a SQL injection vulnerability.
The end, thanks!
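Why an escape routine that only doubles quotes does not keep input inside a MySQL string literal, as an added example (not code from REBUILD or from this report). It assumes the escapeSql() named above behaves like commons-lang 2.x `StringEscapeUtils.escapeSql()`, which only turns `'` into `''`, and that the value is concatenated into a `'%...%'` literal; `escapeForMySql`, `literalEnd` and `staysData` are hypothetical helper names.

```java
// Added example, not REBUILD code: models MySQL's default string-literal rules
// to check whether escaped input remains data after concatenation.
public class EscapeSqlCheck {

    // Same behaviour as commons-lang 2.x escapeSql(): only ' -> ''
    static String escapeSql(String s) {
        return s == null ? null : s.replace("'", "''");
    }

    // Backslash-aware variant: escape \ first, then double the quotes.
    static String escapeForMySql(String s) {
        return s == null ? null : s.replace("\\", "\\\\").replace("'", "''");
    }

    // Index just past the closing quote of the literal that opens at sql[start],
    // using MySQL defaults: backslash escapes the next char, '' is an escaped quote.
    // Returns -1 if the literal never closes.
    static int literalEnd(String sql, int start) {
        for (int i = start + 1; i < sql.length(); i++) {
            char c = sql.charAt(i);
            if (c == '\\') { i++; continue; }              // skip the escaped character
            if (c == '\'') {
                if (i + 1 < sql.length() && sql.charAt(i + 1) == '\'') { i++; continue; }
                return i + 1;                              // literal closes here
            }
        }
        return -1;
    }

    // True when the whole fragment is a single string literal (input stayed data).
    static boolean staysData(String escapedInput) {
        String fragment = "'%" + escapedInput + "%'";      // assumed concatenation shape
        return literalEnd(fragment, 0) == fragment.length();
    }

    public static void main(String[] args) {
        // Constructed sample inputs: plain text, a quote, and a backslash before a quote.
        String[] samples = { "report", "O'Brien", "a\\' TAIL" };
        for (String in : samples) {
            System.out.printf("%-10s quoteDoublingOnly=%-5b backslashAware=%b%n",
                    in, staysData(escapeSql(in)), staysData(escapeForMySql(in)));
        }
    }
}
```

For the third sample the quote-doubling column is false: the backslash consumes the first of the doubled quotes and the second one closes the literal early. Binding the value as a query parameter avoids relying on either escape function.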