668 Star 1.6K Fork 826

因酷 / inxedu

 / 详情

SQL Injection

Backlog
Opened this issue  
2019-01-02 13:19

inxedu has a SQL Injection vulnerability。

1、the vulnerability code location
com.inxedu.os.edu.controller.user.UserController#deleteFavorite
输入图片说明
it calls
courseFavoritesService.deleteCourseFavoritesById(ids)
inxedu use Mybatis, the logic is in mybatis/inxedu/course/CourseFavoritesMapper.xml
输入图片说明
Here use '$', so it is vulnerable to SQL injection.

2、POC
http://test.com/uc/deleteFaveorite/65,(select*from(select(sleep(2)))a)
It will sleep 2 seconds.
输入图片说明

3、Fix
use '#' instead.

Comments (0)

ziliudi createdtask

Sign in to comment

状态
Assignees
Milestones
Pull Requests
关联的 Pull Requests 被合并后可能会关闭此 issue
Branches
Planed to start   -   Planed to end
-
Top level
Priority
参与者(1)
Java
1
https://gitee.com/inxeduopen/inxedu.git
git@gitee.com:inxeduopen/inxedu.git
inxeduopen
inxedu
inxedu

Search