Metrics
0
Watch 658 Star 1.4k Fork 765

因酷 / inxeduJava

SQL Injection

Open
ziliudi  Created at

inxedu has a SQL Injection vulnerability。

1、the vulnerability code location
com.inxedu.os.edu.controller.user.UserController#deleteFavorite
输入图片说明
it calls
courseFavoritesService.deleteCourseFavoritesById(ids)
inxedu use Mybatis, the logic is in mybatis/inxedu/course/CourseFavoritesMapper.xml
输入图片说明
Here use '$', so it is vulnerable to SQL injection.

2、POC
http://test.com/uc/deleteFaveorite/65,(select*from(select(sleep(2)))a)
It will sleep 2 seconds.
输入图片说明

3、Fix
use '#' instead.

total 1 participants

Comments (0)

Sign in and comment

Assignee
Labels
Not set
Project
Milestone
Branch
Scheduled start
Not set
Scheduled end
Not set
Top level
Priority

Help Search