Submit #549260: ghostxbh uzy-ssm-mall v1.0.0 SQL Injection
Information

Title: ghostxbh uzy-ssm-mall v1.0.0 SQL Injection
Description:

Vulnerability Description
In the uzy-ssm-mall v1.0.0 version, the /mall/product/0/20 interface contains a high-risk SQL injection vulnerability. The root cause of this vulnerability lies in the code's failure to effectively filter data passed from the frontend, directly concatenating it into SQL statements. This allows attackers to manipulate database queries by constructing malicious inputs, potentially leading to the retrieval, modification, or deletion of sensitive information in the database.

Vulnerability Location
The vulnerability is located at the /mall/product/0/20 interface. The specific call sequence is: ProductMapper --> ProductServiceImpl --> ForeProductListController.

Code Audit Process
Vulnerability File Path / File Name: The vulnerability point is located in the order by statement, where the sorting field is passed from the frontend.
Vulnerability Call Sequence:
ProductMapper: The Mapper layer responsible for interacting with the database.
ProductServiceImpl: The business logic processing layer, which calls the Mapper layer for database operations.
ForeProductListController: The controller layer, which receives frontend requests and calls the Service layer for processing.
Vulnerability Code Analysis: In ForeProductListController.java, the sorting field is directly passed from the frontend without any filtering or validation. This field is directly concatenated into the SQL statement, resulting in an SQL injection vulnerability.
Vulnerability Exploitation: Attackers can manipulate the order by statement by constructing malicious inputs, thereby executing arbitrary SQL queries.

POC
http(s)://target-ip/mall/product/0/20?category_id=151&isDesc=true&orderBy=%28select%2Afrom%28select%2Bsleep%280%29union%2F%2A%2A%2Fselect%2B1%29a%29
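The defect described above is a sort field from the request reaching an ORDER BY clause as raw text. The following is an added example, not code from uzy-ssm-mall or from the submitter: it shows that pattern next to an allowlist fix in which the user-facing sort key is mapped to a fixed column name and anything else is rejected. The class, method, table and column names are assumptions.

```java
import java.util.Map;

// Added example (not uzy-ssm-mall code). Table and column names are assumptions.
public class ProductSortAllowlist {

    // Vulnerable pattern: the orderBy request parameter is concatenated straight
    // into the SQL text. In a MyBatis mapper the same defect looks like
    // "ORDER BY ${orderBy}", because ${} substitutes text instead of binding a value.
    static String vulnerableQuery(String orderBy, boolean isDesc) {
        return "SELECT * FROM product ORDER BY " + orderBy + (isDesc ? " DESC" : " ASC");
    }

    // Hardened pattern: an allowlist from sort key to column name. Only these
    // fixed strings are ever concatenated; request text never reaches the SQL.
    private static final Map<String, String> SORT_COLUMNS = Map.of(
            "price", "product_price",
            "sales", "product_sale_count",
            "date", "product_create_date");

    static String safeQuery(String orderBy, boolean isDesc) {
        String column = SORT_COLUMNS.get(orderBy);
        if (column == null) {
            // Reject rather than fall back silently, so bad input is visible in logs.
            throw new IllegalArgumentException("unsupported sort field: " + orderBy);
        }
        return "SELECT * FROM product ORDER BY " + column + (isDesc ? " DESC" : " ASC");
    }

    public static void main(String[] args) {
        // Constructed input: any text that is not a known sort key stands in for
        // attacker-controlled content.
        String hostile = "(select 1)";

        // The vulnerable form echoes the text into the statement unchanged.
        System.out.println(vulnerableQuery(hostile, true));

        // The hardened form accepts known keys only.
        System.out.println(safeQuery("price", true));
        try {
            safeQuery(hostile, true);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A parameter binding (`#{orderBy}` in MyBatis, or a JDBC `?` placeholder) is not a substitute here: a bound value becomes a string literal, and `ORDER BY 'price'` sorts by a constant rather than a column. That is why a column name taken from the request has to go through an allowlist rather than through the usual parameterisation, and why a rejected sort key is a useful signal to log when monitoring for probing of this endpoint.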
Source: https://wiki.shikangsi.com/post/share/ba8925f0-0480-4356-9b32-4543d0ea8671
User: XingYue_Mstir (UID 72225)
Submission: 02.04.2025 11:56 (1 year ago)
Moderation: 14.04.2025 00:36 (12 days later)
Status: accepted
VulDB Entry: 304600 [ghostxbh uzy-ssm-mall 1.0.0 /mall/product/0/20 ForeProductListController orderBy SQL injection]
Points: 20
