There is a sql injection vulnerability in the crmeb_java system /api/admin/store/product/list interface #11
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
[Suggested description]
sql injection vulnerability exists in crmeb_java <=1.3.4
Failure to check the parameters legally leads to sqli.
[Vulnerability Type]
SQLi
[Vendor of Product]
https://github.com/crmeb/crmeb_java
[Affected Product Code Base]
<=1.3.4
[Affected Component]
/api/admin/store/product/list
[Attack Type]
Remote
[Vulnerability details]
Get the interface request package
GET /api/admin/store/product/list?page=1&limit=20&cateId=&keywords=&type=1&temp=1678870222 HTTP/2
Host: api.java.crmeb.net
Sec-Ch-Ua: "Chromium";v="95", ";Not A Brand";v="99"
Accept: application/json, text/plain, /
Authori-Zation: 213ff6ff1ca24ae78f8263bd7ad0ea6c
Sec-Ch-Ua-Mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Sec-Ch-Ua-Platform: "Windows"
Origin: https://admin.java.crmeb.net
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://admin.java.crmeb.net/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
The cateId parameter has an injection vulnerability.
There you can see it!
[Impact Code execution]
true
[Cause of vulnerability]
com.zbkj.admin.controller.SystemMenuController line 49
The controller calls the getAdminList() method
follow up to com.zbkj.service.service.impl.StoreProductServiceImpl line 172,
Here, the cateId is directly spliced into the SQL statement, thus causing a SQL injection vulnerability
The end,thanks!
The text was updated successfully, but these errors were encountered: