linlinjava / litemall

Yet another small online store. litemall = Spring Boot backend + Vue admin frontend + WeChat mini-program user frontend + Vue mobile user frontend
MIT License
19.11k stars, 7.17k forks

[vulnerability] SQL Injection Vulnerability in AdminGoodsController.java #548

Open xiao-maqiang opened 2 months ago

xiao-maqiang commented 2 months ago

SQL injection vulnerability in linlinjava litemall v.1.8.0 allows a remote attacker to obtain sensitive information via the goodsId, goodsSn, name parameters of the AdminGoodsController.java component.

1. Steps to reproduce

Open Goods Management, click Query, and capture the request:

```http
GET /admin/goods/list?page=1&limit=20&sort=add_time&order=desc HTTP/1.1
Host: localhost:8083
X-Litemall-Admin-Token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJsb2dpblR5cGUiOiJsb2dpbiIsImxvZ2luSWQiOiIxNjc0MjI4Nzc2NzU1NjYyODQ4Iiwicm5TdHIiOiJ2MnhZQjlKTVVYTzVvU1prUHVIdVRmUG5Kc250dFdYcSJ9.vcCJsv50XMYtg5dkjdvvfEqRBv5M6mntbBfHYz24zLQ
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
X-Litemall-TenantId: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ0aGlzIGlzIGxpdGUtbWFsbC1wbHVzIHRva2VuIiwiYXVkIjoiTUlOSS1BUFAiLCJ0ZW5hbnRJZCI6IjAiLCJpc3MiOiJMaXRlLW1hbGwtcGx1cyIsImV4cCI6MTcxOTIyMDUzNCwiaWF0IjoxNzE5MTM0MTM0fQ.uMpPiijOq53ImOdyjEreoxmamrA0xqznDs1XZbvvum8
Accept: /
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Connection: close
```

(screenshot attached in the original issue)
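The defensive counterpart to the report above, as an added example that is not litemall's own code: a goods-list query builder in which the filter values the report names (goodsId, goodsSn, name) are bound as JDBC parameters, and the two inputs that cannot be bound, the ORDER BY column and direction seen in the captured request (sort, order), are checked against fixed allowlists before any SQL is assembled. The table name, column names, class and method names are assumptions, not litemall's real schema or API.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Set;

// Added example, not litemall's own code. Shows the hardened pattern for a
// list endpoint like /admin/goods/list: filter values become '?' placeholders,
// and the ORDER BY identifiers are taken from an allowlist, never from raw input.
public final class GoodsListQuery {

    // Assumed table and column names; the real litemall schema may differ.
    private static final String TABLE = "litemall_goods";
    private static final Set<String> SORTABLE_COLUMNS =
            Set.of("id", "goods_sn", "name", "add_time", "retail_price");
    private static final Set<String> DIRECTIONS = Set.of("asc", "desc");

    /** SQL text with '?' placeholders plus the values to bind, in order. */
    public static final class PreparedQuery {
        public final String sql;
        public final List<Object> params;

        PreparedQuery(String sql, List<Object> params) {
            this.sql = sql;
            this.params = List.copyOf(params);
        }
    }

    /** Returns the allowlisted sort column (or the default); raw input is never echoed into SQL. */
    static String sortColumn(String sort) {
        if (sort == null || sort.isEmpty()) {
            return "add_time";
        }
        String s = sort.toLowerCase(Locale.ROOT);
        if (!SORTABLE_COLUMNS.contains(s)) {
            throw new IllegalArgumentException("unsupported sort column");
        }
        return s;
    }

    /** Same treatment for the direction: only "asc" or "desc" can appear. */
    static String direction(String order) {
        if (order == null || order.isEmpty()) {
            return "desc";
        }
        String o = order.toLowerCase(Locale.ROOT);
        if (!DIRECTIONS.contains(o)) {
            throw new IllegalArgumentException("unsupported sort direction");
        }
        return o;
    }

    public static PreparedQuery build(String goodsId, String goodsSn, String name,
                                      String sort, String order, int page, int limit) {
        if (page < 1 || limit < 1 || limit > 200) {
            throw new IllegalArgumentException("bad paging values");
        }
        StringBuilder sql = new StringBuilder(
                "SELECT id, goods_sn, name FROM " + TABLE + " WHERE deleted = 0");
        List<Object> params = new ArrayList<>();

        if (goodsId != null && !goodsId.isEmpty()) {
            // Parsing to int rejects anything that is not a plain number.
            sql.append(" AND id = ?");
            params.add(Integer.parseInt(goodsId));
        }
        if (goodsSn != null && !goodsSn.isEmpty()) {
            sql.append(" AND goods_sn = ?");
            params.add(goodsSn);
        }
        if (name != null && !name.isEmpty()) {
            // Bound as a value: LIKE wildcards can widen the match but cannot change the statement.
            sql.append(" AND name LIKE ?");
            params.add("%" + name + "%");
        }
        // Only allowlisted identifiers ever reach the ORDER BY clause.
        sql.append(" ORDER BY ").append(sortColumn(sort)).append(' ').append(direction(order));
        sql.append(" LIMIT ? OFFSET ?");
        params.add(limit);
        params.add((page - 1) * limit);
        return new PreparedQuery(sql.toString(), params);
    }

    public static void main(String[] args) {
        // Constructed input mirroring the captured request: sort=add_time, order=desc, page=1, limit=20.
        PreparedQuery q = build(null, null, "tea", "add_time", "desc", 1, 20);
        System.out.println(q.sql);
        System.out.println(q.params);
        // A sort value that is not a known column is rejected before any SQL is built.
        try {
            build(null, null, null, "not_a_column", "desc", 1, 20);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The resulting `sql` and `params` are what a `PreparedStatement` (or a MyBatis mapper using `#{}` rather than `${}`) would consume; the point is that the only strings spliced into the statement text are constants chosen by the server, so none of the request parameters can alter its structure.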