Time-based blind SQL injection bypass #5269

Closed
springkill opened this issue Aug 16, 2023 · 1 comment
springkill commented Aug 16, 2023

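Version:

3.5.3

Front-end version: vue3 or vue2?

vue3

Problem description:

The SQL injection detection module org.jeecg.common.util.SqlInjectionUtil.checkSqlAnnotation
has a SQL injection bypass.

Screenshots & code:

Although the sleep keyword is filtered, the check runs first and the case conversion happens afterwards, so it can still be bypassed with uppercase SLEEP: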

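Friendly reminder (to improve issue-handling efficiency):

  • Posts that do not follow the required format will be deleted outright;
  • Descriptions that are too brief or vague to act on will be deleted outright;
  • Please judge for yourself first whether the problem description is clear and easy for us to investigate;
  • Please state whether the problem concerns the Online feature (specify the theme template used) or the generated-code feature;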
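@springkill springkill changed the title from "Unauthenticated time-based blind SQL injection bypass" to "Time-based blind SQL injection bypass with unauthorized access" Aug 16, 2023
@springkill springkill changed the title from "Time-based blind SQL injection bypass with unauthorized access" to "Time-based blind SQL injection bypass" Aug 17, 2023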
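
The ordering flaw reported above, as an added Java example that is not part of the original issue and not the project's own code: a blocklist check that runs before case normalisation, beside two corrected forms. The class name, method names, regex and sample strings are assumptions constructed for illustration.

```java
import java.util.Locale;
import java.util.regex.Pattern;

// Added illustration; not the project's source. All names and the pattern are hypothetical.
public class CaseOrderCheck {

    // Assumed blocklist entry: a lowercase-only match for a sleep function call.
    private static final Pattern SLEEP_CALL = Pattern.compile("sleep\\s*\\(");

    // Same entry, but matched without regard to case.
    private static final Pattern SLEEP_CALL_CI =
            Pattern.compile("sleep\\s*\\(", Pattern.CASE_INSENSITIVE);

    /** Flawed order: the blocklist sees the raw input, lowercasing happens afterwards. */
    static boolean passesCheckThenLower(String sql) {
        if (SLEEP_CALL.matcher(sql).find()) {
            return false; // rejected
        }
        String normalized = sql.toLowerCase(Locale.ROOT); // too late to affect the check
        return !normalized.isEmpty();
    }

    /** Corrected order: normalise case first, then run the same blocklist. */
    static boolean passesLowerThenCheck(String sql) {
        String normalized = sql.toLowerCase(Locale.ROOT);
        return !SLEEP_CALL.matcher(normalized).find();
    }

    /** Alternative fix: keep the input as is and make the pattern case-insensitive. */
    static boolean passesCaseInsensitive(String sql) {
        return !SLEEP_CALL_CI.matcher(sql).find();
    }

    public static void main(String[] args) {
        // Constructed sample inputs for the demonstration.
        String[] samples = {
            "select id from t where name = 'a'",
            "select id from t where sleep(5)",
            "select id from t where SLEEP(5)",
            "select id from t where SlEeP (5)"
        };
        for (String s : samples) {
            System.out.printf("%-36s checkThenLower=%-5b lowerThenCheck=%-5b ci=%b%n",
                    s, passesCheckThenLower(s), passesLowerThenCheck(s),
                    passesCaseInsensitive(s));
        }
    }
}
```

Only the first method accepts the upper-case and mixed-case inputs; a regression test for the filter should include those spellings. A keyword blocklist remains a secondary control next to bound query parameters.
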
@zhangdaiscott
Member

Committed.
