guns icon indicating copy to clipboard operation
guns copied to clipboard

Published 20 hours ago verified publisher icon abel533

guns Vulnerability Alerts

Open abel533 opened this issue 5 months ago • 0 comments

guns Vulnerability Alerts

收件箱
cxc  | cxc  | 16:19 (3小时前) |   |   -- | -- | -- | -- | -- cxc  发送至 我 | 发送至 我 发送至 我

Dear Developer,

We have identified multiple SQL injection vulnerabilities and file operation vulnerabilities in Guns. The specific function call stacks are provided below. Please address these issues as soon as possible. The primary cause of the SQL injection vulnerabilities is the lack of filtering for $ content in MyBatis' Mapper.xml.

Best regards,


========================================
[1] Found sink method:
 <com.stylefeng.guns.common.persistence.dao.LoginLogMapper: java.util.List getOperationLogs(java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String,boolean)>
(1) Found vul call chain:
 <com.stylefeng.guns.modular.system.controller.LogController: java.lang.Object list(java.lang.String,java.lang.String,java.lang.String,java.lang.Integer)>
  <com.stylefeng.guns.common.persistence.dao.LoginLogMapper: java.util.List getOperationLogs(java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String,boolean)>
========================================
[2] Found sink method:
 <java.io.File: void <init>(java.lang.String)>
(1) Found vul call chain:
 <com.stylefeng.guns.modular.system.controller.KaptchaController: void renderPicture(java.lang.String,javax.servlet.http.HttpServletResponse)>
  <com.stylefeng.guns.core.util.FileUtil: byte[] toByteArray(java.lang.String)>
   <java.io.File: void <init>(java.lang.String)>
========================================
[3] Found sink method:
 <com.stylefeng.guns.common.persistence.dao.LoginLogMapper: java.util.List getLoginLogs(java.lang.String,java.lang.String,java.lang.String,java.lang.String,boolean)>
(1) Found vul call chain:
 <com.stylefeng.guns.modular.system.controller.LoginLogController: java.lang.Object list(java.lang.String,java.lang.String,java.lang.String)>
  <com.stylefeng.guns.common.persistence.dao.LoginLogMapper: java.util.List getLoginLogs(java.lang.String,java.lang.String,java.lang.String,java.lang.String,boolean)>

abel533 avatar Sep 09 '24 12:09 abel533