| Title | master-nan sweet-cms None SQL Injection |
|---|
| Description |
Vulnerability description: the query is built from user-supplied values. Here the problem is the dynamically constructed dropIndexSQL statement: the user-supplied 'indexName' and 'tableName' are inserted directly into the SQL text without validation or escaping, so an attacker can inject SQL that performs unauthorized database operations.
Code flow:
from route /table/index/:id
```
Code snippet initialize/router.go (line 75):
adminGroup.PUT("/table/index/:id", app.TableController.UpdateTableIndex)
Code snippet controller/sys_table_controller.go (line 357):
func (t *TableController) UpdateTableIndex(ctx *gin.Context) {
Code snippet controller/sys_table_controller.go (line 362):
err := utils.ValidatorBody[request.TableIndexUpdateReq](ctx, &data, translator)
Code snippet controller/sys_table_controller.go (line 367):
err = t.sysTableService.UpdateTableIndex(ctx, data)
Code snippet service/sys_table_service.go (line 602):
func (s *SysTableService) UpdateTableIndex(ctx *gin.Context, req request.TableIndexUpdateReq) error {
Code snippet service/sys_table_service.go (line 603):
err := s.sysTableRepo.ExecuteTx(ctx, func(tx *gorm.DB) error {
Code snippet service/sys_table_service.go (line 616):
if e := s.sysTableRepo.DropTableIndex(tx, req.IndexName, table.TableCode); e != nil {
Code snippet repository/impl/sys_table_impl.go (line 67):
func (s *SysTableRepositoryImpl) DropTableIndex(tx *gorm.DB, indexName string, tableCode string) error {
Code snippet repository/impl/sys_table_impl.go (line 70):
dropIndexSQL := fmt.Sprintf("DROP INDEX %s ON %s", indexName, tableName)
Code snippet repository/impl/sys_table_impl.go (line 71):
return tx.Exec(dropIndexSQL).Error
``` |
|---|
| Source | ⚠️ https://github.com/master-nan/sweet-cms/issues/2 |
|---|
| User | zihe (UID 56943) |
|---|
| Submission | 27/08/2024 19:02 (2 years ago) |
|---|
| Moderation | 30/08/2024 07:29 (3 days later) |
|---|
| Status | Duplicate |
|---|
| VulDB Entry | 276208 [master-nan Sweet-CMS up to 5f441e022b8876f07cde709c77b5be6d2f262e3f /table/index SQL injection] |
|---|
| Points | 0 |
|---|
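The report's root cause is that DDL identifiers are interpolated with fmt.Sprintf. Because identifiers (unlike values) cannot be bound as query parameters, the usual fix is to validate them against an allowlist and, ideally, against the set of tables the application actually manages, then quote them. The Go program below is an added example written for this page; it is not sweet-cms code. BuildDropIndexUnsafe reproduces the interpolation pattern quoted in the code flow; ValidateIdentifier, BuildDropIndexSafe, the identifier regex and the knownTables set are assumptions made for the example, and the sample inputs are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
)

// BuildDropIndexUnsafe mirrors the pattern in the report: both identifiers are
// interpolated verbatim, so whatever the request carries ends up in the SQL text.
func BuildDropIndexUnsafe(indexName, tableName string) string {
	return fmt.Sprintf("DROP INDEX %s ON %s", indexName, tableName)
}

// ErrBadIdentifier is returned for any identifier outside the allowlist.
var ErrBadIdentifier = errors.New("invalid SQL identifier")

// identRe is the allowlist policy assumed for this example: an unquoted
// MySQL-style identifier (letters, digits, underscore; not starting with a
// digit; at most 64 characters). Spaces, quotes, backticks and semicolons
// therefore never reach the statement text.
var identRe = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]{0,63}$`)

// ValidateIdentifier applies the allowlist to one identifier.
func ValidateIdentifier(s string) error {
	if !identRe.MatchString(s) {
		return fmt.Errorf("%w: %q", ErrBadIdentifier, s)
	}
	return nil
}

// quoteIdent backtick-quotes an identifier that already passed
// ValidateIdentifier, which guarantees it contains no backtick.
func quoteIdent(s string) string {
	return "`" + s + "`"
}

// BuildDropIndexSafe validates both identifiers, checks the table against the
// set of tables the application manages (knownTables; nil skips that check)
// and only then builds the statement. This is the hardened counterpart of
// BuildDropIndexUnsafe; the assumption is that callers pass the table set
// they already track in their own metadata.
func BuildDropIndexSafe(indexName, tableName string, knownTables map[string]bool) (string, error) {
	if err := ValidateIdentifier(indexName); err != nil {
		return "", err
	}
	if err := ValidateIdentifier(tableName); err != nil {
		return "", err
	}
	if knownTables != nil && !knownTables[tableName] {
		return "", fmt.Errorf("table %q is not managed by this application", tableName)
	}
	return fmt.Sprintf("DROP INDEX %s ON %s", quoteIdent(indexName), quoteIdent(tableName)), nil
}

func main() {
	// Constructed sample input: one well-formed index name and one that
	// carries extra statement text after a semicolon.
	known := map[string]bool{"sys_user": true}
	for _, in := range []string{"idx_user_email", "idx; SELECT 1"} {
		fmt.Println("unsafe:", BuildDropIndexUnsafe(in, "sys_user"))
		sql, err := BuildDropIndexSafe(in, "sys_user", known)
		if err != nil {
			fmt.Println("safe: rejected:", err)
			continue
		}
		fmt.Println("safe:", sql)
	}
}
```

Running it shows the unsafe builder passing the second input straight through into the statement, while the safe builder rejects it before any SQL is produced; the knownTables check additionally stops a syntactically valid but foreign table name from being targeted.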