wuweiit / mushroom

MRCMS is a Java-based dynamic content management system
http://cms.yl-blog.com
MIT License
216 stars, 183 forks

SQL injection vulnerability was discovered in MRCMS #16

Closed QiAnXinCodeSafe closed 5 years ago

QiAnXinCodeSafe commented 5 years ago

Hi all,

There is a SQL injection vulnerability found by Qihoo360 CodeSafe Team. Details as below:

The getChannel method in the ChannelService.java file is used directly to hash and run SQL statements without filtering parameters, resulting in SQL injection.

Continuous tracing can be found that the getChannel method is invoked in WebApp.java.

View the WebParam.get() method. When param is empty (that is, the first time), a param will be constructed; view the constructor.

You can see that all attributes in WebParam are obtained from request and are controlled by attackers.
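The report above describes the classic pattern: a request-controlled parameter is spliced into a SQL string and executed. The following is an added example (not MRCMS code, and not from the reporter) that reproduces that pattern against an in-memory SQLite table and places the fix beside it: a parameterized query, which makes the database treat the parameter as data rather than as SQL text. The table, column names and the `get_channel_*` functions are constructed for illustration and do not correspond to MRCMS's actual ChannelService or WebParam.

```python
import sqlite3


def make_db():
    """Constructed sample data: a small 'channel' table with three rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE channel (id INTEGER PRIMARY KEY, name TEXT, url TEXT)"
    )
    conn.executemany(
        "INSERT INTO channel (name, url) VALUES (?, ?)",
        [("news", "news"), ("about", "about"), ("hidden", "admin-only")],
    )
    conn.commit()
    return conn


def get_channel_vulnerable(conn, url):
    """Mirrors the reported defect: the request parameter is concatenated
    straight into the statement, so any quote in it changes the query."""
    sql = "SELECT id, name, url FROM channel WHERE url = '" + url + "'"
    return conn.execute(sql).fetchall()


def get_channel_fixed(conn, url):
    """Hardened form: a bound parameter. The driver sends the value
    separately from the SQL text, so it can never be parsed as SQL."""
    sql = "SELECT id, name, url FROM channel WHERE url = ?"
    return conn.execute(sql, (url,)).fetchall()


def compare(url):
    """Run both variants on the same input and return the row counts,
    which is what a reviewer would check when confirming the fix."""
    conn = make_db()
    try:
        return {
            "vulnerable": len(get_channel_vulnerable(conn, url)),
            "fixed": len(get_channel_fixed(conn, url)),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    # A benign lookup behaves the same either way.
    print(compare("news"))
    # A value containing a quote: the concatenated query no longer filters
    # by url at all, while the parameterized query simply finds no match.
    print(compare("' OR '1'='1"))
```

When auditing a fix like the one promised below, the check is not "does the input get filtered" but "is every value bound as a parameter (PreparedStatement in JDBC) rather than appended to the SQL string"; input filtering alone leaves the concatenation in place.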

wuweiit commented 5 years ago

I don't understand why this injection bug had to be described in English, but I'm glad to fix it. Thanks to Qihoo360 CodeSafe Team.

wuweiit commented 5 years ago

The latest source code has fixed this bug.