Invia #833229: Jeecg JeecgBoot 3.9.2 SQL Injectioninformazioni

TitoloJeecg JeecgBoot 3.9.2 SQL Injection
DescrizioneJeecgBoot up to version 3.9.2 suffers from a blind SQL injection vulnerability in the /sys/user/list endpoint. The QueryGenerator.initQueryWrapper() method automatically maps all fields of the SysUser entity (including password and salt) as queryable columns with LIKE wildcard support. An authenticated attacker can send requests like: GET /jeecg-boot/sys/user/list?password=c63*&username=admin The "*" suffix triggers RIGHT_LIKE matching. By checking whether records are returned, the attacker can brute-force the MD5 password hash and salt value character by character (512 requests for password, 288 for salt). The @JsonProperty(access = WRITE_ONLY) annotation on these fields only prevents JSON serialization, not Spring MVC query parameter binding.
Fonte⚠️ https://github.com/jeecgboot/JeecgBoot/issues/9648
Utente
 rusty19 (UID 98380)
Sottomissione19/05/2026 15:54 (2 mesi fa)
Moderazione07/06/2026 10:57 (19 days later)
StatoAccettato
Voce VulDB369084 [JeecgBoot fino a 3.9.2 User List Endpoint SysUserController.java queryPageList salt rivelazione di informazioni]
Punti20

Do you know our Splunk app?

Download it now for free!