| tiêu đề | Jawher Kl node-api-postgres 2.5 SQL Injection |
|---|
| Mô tả | A Critical SQL Injection vulnerability exists in the node-api-postgres application. In the file models/user.js (within User.getAll()), the sort parameter provided via the GET /users endpoint is concatenated directly into the SQL query without adequate sanitization or parameterized execution. Because ORDER BY clauses cannot be parameterized in PostgreSQL, this direct string concatenation allows unauthenticated attackers (after obtaining a basic user JWT) to execute arbitrary SQL commands. This can be exploited to achieve boolean-based data extraction or full data exfiltration via subqueries (e.g., extracting admin bcrypt password hashes and emails). |
|---|
| Nguồn | ⚠️ https://hackmd.io/@YzU_KiOzT86cEbFQdBceVg/Bk56LQQYbe |
|---|
| Người dùng | yeee3642 (UID 91336) |
|---|
| Đệ trình | 02/03/2026 16:14 (cách đây 2 các tháng) |
|---|
| Kiểm duyệt | 14/03/2026 23:40 (12 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 351097 [JawherKl node-api-postgres đến 2.5 models/user.js User.getAll sort Tiêm SQL] |
|---|
| điểm | 20 |
|---|