wangmarket icon indicating copy to clipboard operation
wangmarket copied to clipboard

Published 20 hours ago verified publisher icon xnx3

sql-injection

Open H1Skaak opened this issue 2 years ago • 1 comments

sql-injection

注入点:

com.xnx3.wangmarket.plugin.dataDictionary.controller.DataDictionaryPluginController.java

管理员登录路由/plugin/dataDictionary/tableView.do?tableName=

tableName参数存在注入

image-20220314105812459 image-20220314111113730

使用sqlmap进行验证

image-20220314110713199

H1Skaak avatar Mar 14 '22 04:03 H1Skaak

非常感谢,当下已修复这个问题,另外当前github仓库有点老旧,可以看下最新仓库 https://gitee.com/mail_osc/wangmarket 当下正在做v6.0大版本的最后检阅。github我们也会在明天或后天进行同步到最新版本

xnx3 avatar Feb 10 '23 13:02 xnx3