jeecgboot / JeecgBoot

🔥 "Enterprise-grade low-code platform" with a front-end/back-end separated architecture: SpringBoot 2.x/3.x, SpringCloud, Ant Design & Vue3, Mybatis, Shiro, JWT. A powerful code generator produces front-end and back-end code in one click, with no code to write by hand! It leads a new development model and brings in AI model capabilities: OnlineCoding -> code generation -> manual MERGE, helping Java projects eliminate 70% of repetitive work so developers can focus on business logic, quickly raising efficiency and saving the company money without losing flexibility.
http://www.jeecg.com
Apache License 2.0
40.63k stars, 14.83k forks

There is an SQL injection vulnerability that can operate the database with root privileges. #3331

Closed Deep0 closed 2 years ago

Deep0 commented 2 years ago
version: <=3.0
precondition: after logging in to the website, click 流程管理 (Process Management) and proxy the request through Burp; the parameter "column" is vulnerable to SQL injection.
Screenshot & code :

PoC:

Host: api.boot.jeecg.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Firefox/91.0
Accept: application/json, text/plain, */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
X-Sign: 7AE7A7990565A3187D8CE30725C82718
X-Timestamp: 20211229152402
X-Access-Token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2NDA3NjI2NTMsInVzZXJuYW1lIjoiamVlY2cifQ.SX0HjEOmrGFDZt-oNUUOlTNYn9ftCOmhQIOgED9HZRM
Tenant-Id: 2
Origin: http://boot.jeecg.com
Referer: http://boot.jeecg.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Te: trailers
Connection: close
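Mitigation for this class of bug, as an added example that is not part of the issue or of JeecgBoot's code: a column name cannot be bound as a query parameter (in MyBatis terms, `${column}` text substitution versus a `#{}` bound value), so a sort column taken from a request parameter such as `column` has to be mapped through an allow-list before it is placed in the SQL text. The table, function names and sort-key mapping below are constructed for illustration; the report does not show how JeecgBoot itself builds the query.

```python
import sqlite3

# Map of client-facing sort keys to real column names. Only these identifiers
# ever reach the SQL text; anything else is rejected before a query is built.
# (Constructed sample schema, not JeecgBoot's own tables.)
SORT_COLUMNS = {"id": "id", "name": "name", "created": "created_at"}
SORT_ORDERS = {"asc": "ASC", "desc": "DESC"}


def setup_db():
    """Build a small in-memory table standing in for a process-management list."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE process (id INTEGER, name TEXT, created_at TEXT)")
    conn.executemany(
        "INSERT INTO process VALUES (?, ?, ?)",
        [(1, "deploy", "2022-01-01"), (2, "audit", "2021-12-30"), (3, "backup", "2022-01-05")],
    )
    return conn


def validate_sort(column, order="asc"):
    """Return (real_column, direction), or None if either value is not allow-listed."""
    real = SORT_COLUMNS.get(column)
    direction = SORT_ORDERS.get(order.lower())
    if real is None or direction is None:
        return None
    return real, direction


def list_processes(conn, column, order="asc"):
    """Hardened listing: the ORDER BY identifier comes from the allow-list, never from the request."""
    checked = validate_sort(column, order)
    if checked is None:
        # Reject loudly; a rejected sort key is also a useful signal for logging/detection.
        raise ValueError(f"rejected sort parameters: column={column!r} order={order!r}")
    real, direction = checked
    # Identifiers cannot be bound with '?', which is why the allow-list is required;
    # any filter *values* would still go through bound parameters.
    sql = f"SELECT id FROM process ORDER BY {real} {direction}"
    return [row[0] for row in conn.execute(sql).fetchall()]


if __name__ == "__main__":
    db = setup_db()
    print(list_processes(db, "name"))                # [2, 3, 1]
    print(validate_sort("id; DROP TABLE process"))   # None -> request rejected
```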
zhangdaiscott commented 2 years ago

jl

zhangdaiscott commented 2 years ago

Already handled, thanks.

Deep0 commented 2 years ago

Could you apply for a CVE number for me? If so, thank you very much!
