| Field | Value |
|---|---|
| Title | xxyopen novel-plus 5.1.3 SQL Injection |
| Description | A critical SQL injection vulnerability exists in the user management module. The `/list` endpoint, which retrieves the list of system users, unsafely uses MyBatis string substitution (`${...}`) for the `sort` and `order` parameters inside the `ORDER BY` clause of its query. Any authenticated user who can reach this endpoint can therefore inject arbitrary SQL into the query. Because the query targets the `sys_user` table, the flaw can be exploited to exfiltrate highly sensitive data, including usernames, email addresses, and password hashes, compromising every user account on the system. |
| Source | https://blog.0xd00.com/blog/sqli-in-user-list-leads-to-sensitive-data-disclosure |
| User | bpy9ft (UID 85221) |
| Submitted | 2025-06-13 11:38 AM (10 months ago) |
| Moderation | 2025-06-23 04:32 PM (10 days later) |
| Status | Accepted |
| VulDB Entry | 313654 [xxyopen/201206030 novel-plus up to 5.1.3 User Management UserMapper.xml list sort/order sql injection] |
| Points | 20 |
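The mechanism behind the entry, as an added example that is not code from novel-plus or from the VulDB submission: MyBatis `${...}` splices the raw parameter text into the SQL string, so a `sort` value containing SQL becomes part of the executed statement. The snippet below emulates that substitution in plain Java against a simplified stand-in for the `UserMapper.xml` query (the column names in the allowlist and the hostile input are assumptions constructed for the example), and shows the usual fix: validate `sort` and `order` against a fixed allowlist before they reach the mapper.

```java
import java.util.Map;
import java.util.Set;

/**
 * Added example, not project code. Reproduces the unsafe MyBatis "${...}"
 * ORDER BY pattern described in the advisory in plain Java so the difference
 * between raw substitution and an allowlist is visible without a database.
 */
public class OrderByInjectionDemo {

    // Simplified stand-in for the ORDER BY fragment in UserMapper.xml.
    // Column list and template are assumptions for the example.
    static final String UNSAFE_TEMPLATE =
        "SELECT id, username, email, password FROM sys_user ORDER BY ${sort} ${order}";

    /** Emulates MyBatis "${}" substitution: raw text, no quoting, no escaping. */
    static String renderUnsafe(String sort, String order) {
        return UNSAFE_TEMPLATE.replace("${sort}", sort).replace("${order}", order);
    }

    // Allowlist of sortable columns (assumed names) and sort directions.
    static final Set<String> SORT_COLUMNS = Set.of("id", "username", "email", "create_time");
    static final Map<String, String> ORDER_DIRS = Map.of("asc", "ASC", "desc", "DESC");

    /**
     * Hardened variant: only a known column name and a known direction are
     * ever concatenated into the SQL; everything else is rejected up front.
     */
    static String renderSafe(String sort, String order) {
        if (sort == null || !SORT_COLUMNS.contains(sort)) {
            throw new IllegalArgumentException("invalid sort column");
        }
        String dir = order == null ? "ASC" : ORDER_DIRS.get(order.toLowerCase());
        if (dir == null) {
            throw new IllegalArgumentException("invalid sort order");
        }
        return "SELECT id, username, email, password FROM sys_user ORDER BY " + sort + " " + dir;
    }

    public static void main(String[] args) {
        // Benign request: behaves as intended.
        System.out.println(renderUnsafe("username", "asc"));

        // Constructed attacker value: a comma extends the ORDER BY list with an
        // arbitrary expression, so attacker-chosen SQL is evaluated by the database.
        String hostile = "id, (SELECT 1)";
        System.out.println(renderUnsafe(hostile, "asc"));

        // Allowlisted path accepts the benign input and rejects the hostile one.
        System.out.println(renderSafe("username", "desc"));
        try {
            renderSafe(hostile, "asc");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Note that switching the mapper from `${sort}` to `#{sort}` is not a fix on its own: `#{}` binds the value as a string literal, so the database would sort by a constant rather than by the named column. Identifiers in `ORDER BY` have to be restricted to a fixed set, either in the service layer as above or with a MyBatis `<choose>` block that maps each accepted value to a hard-coded column.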