| Field | Value |
|---|---|
| Title | Daptin https://github.com/daptin/daptin 0.10.3 SQL Injection |
| Source | https://note-hxlab.wetolink.com/share/yMZ8oEgMTAur |
| User | hiro (UID 93548) |
| Submitted | 19/12/2025 08:04 (4 months ago) |
| Moderated | 02/01/2026 11:08 (14 days later) |
| Status | accepted |
| VulDB Entry | 339384 [Daptin 0.10.3 Aggregate API resource_aggregate.go goqu.L column/group/order SQL Injection] |
| Points | 20 |

Description

A SQL Injection vulnerability exists in Daptin's aggregate API endpoint (`/aggregate/:typename`). The vulnerability occurs because user-supplied input is passed directly to `goqu.L()` (the Literal function) without sanitization or validation, allowing attackers to execute arbitrary SQL queries.

In the file `server/resource/resource_aggregate.go`, the `column`, `group`, and `order` parameters from user requests are interpolated directly into SQL queries using `goqu.L()`:

```go
// Lines 139-141 in resource_aggregate.go
// `project` is one value of the request's `column` parameter, used unchanged.
if strings.Index(project, " as ") > -1 {
	parts := strings.Split(project, " as ")
	projectionsAdded = append(projectionsAdded, goqu.L(parts[0]).As(parts[1]))
} else {
	projectionsAdded = append(projectionsAdded, goqu.L(project))
}
```

The `goqu.L()` function treats its input as a raw SQL literal, bypassing all query parameterization and escaping mechanisms.
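As an added, defender-side illustration (not Daptin's code and not a patch from the project), the Go function below shows the input handling the vulnerable snippet lacks: each `column` value is parsed into an optional aggregate function, a column name and an optional alias, every token is checked against an allowlist of the table's real columns and a fixed set of aggregate functions, and only quoted identifiers are emitted. The column set and the permitted aggregate list are assumptions made for the example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// identRe accepts plain SQL identifiers only; anything else never reaches the query.
var identRe = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]*$`)

// Assumed allowlist of aggregate functions the endpoint may run (not Daptin's own list).
var allowedAggregates = map[string]bool{"count": true, "sum": true, "avg": true, "min": true, "max": true}

// SafeProjection accepts `col`, `func(col)` and `... as alias`, checks every token
// against the table's known columns, and returns a quoted projection. Anything else
// is rejected, so no raw request text ever reaches a literal such as goqu.L().
func SafeProjection(project string, tableColumns map[string]bool) (string, error) {
	expr, alias := strings.TrimSpace(project), ""
	if i := strings.Index(expr, " as "); i > -1 {
		expr, alias = strings.TrimSpace(expr[:i]), strings.TrimSpace(expr[i+4:])
		if !identRe.MatchString(alias) {
			return "", fmt.Errorf("invalid alias %q", alias)
		}
		alias = fmt.Sprintf(` AS "%s"`, alias)
	}
	fn := ""
	if open := strings.Index(expr, "("); open > -1 && strings.HasSuffix(expr, ")") {
		fn, expr = strings.ToLower(expr[:open]), expr[open+1:len(expr)-1]
		if !allowedAggregates[fn] {
			return "", fmt.Errorf("aggregate %q not permitted", fn)
		}
	}
	if !identRe.MatchString(expr) || !tableColumns[expr] {
		return "", fmt.Errorf("unknown column %q", expr)
	}
	col := fmt.Sprintf(`"%s"`, expr)
	if fn != "" {
		col = fmt.Sprintf("%s(%s)", fn, col)
	}
	return col + alias, nil
}

func main() {
	cols := map[string]bool{"id": true, "amount": true} // constructed table schema
	for _, in := range []string{"amount", "sum(amount) as total", "amount) --"} {
		sql, err := SafeProjection(in, cols)
		fmt.Printf("%-22q -> %q err=%v\n", in, sql, err)
	}
}
```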