src/main/resources/mybatis/system/DeptMapper.xml
There is a ${} in this mapper. Search selectDeptList to see where this select id is used:
/DeptController.java
Query dept information. Follow up the selectDeptList method to see the specific implementation:
/DeptServiceImpl.java
The parameters in the Dept are passed into the mapper for the SQL operation. Because the dataScope is controllable, the vulnerability is generated.
Verification:
Splice the URL and parameters according to the code:
params[dataScope]=
Use error-based injection to query the database version:
params[dataScope]=and+extractvalue(1,concat(0x7e,substring((select+version()),1,32),0x7e))
Select database name:
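The root cause above is a `${}` string substitution in a MyBatis mapper that is fed from a request-controllable map parameter. The following added audit script (not part of this report or the project) locates every `${...}` substitution inside the statements of a mapper file so a reviewer can check whether each bound value can come from a request; the mapper XML it runs on is a constructed sample modelled on the pattern described, not the project's DeptMapper.xml.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample mapper (not the project's file): one statement uses
# #{} (parameterised, safe) and one uses ${} (raw string substitution).
SAMPLE_MAPPER = """<mapper namespace="com.example.system.mapper.DeptMapper">
  <select id="selectDeptList" resultType="Dept">
    select dept_id, dept_name from sys_dept
    where del_flag = '0'
    <if test="deptName != null and deptName != ''">
      AND dept_name like concat('%', #{deptName}, '%')
    </if>
    ${params.dataScope}
  </select>
  <select id="selectDeptById" resultType="Dept">
    select dept_id, dept_name from sys_dept where dept_id = #{deptId}
  </select>
</mapper>
"""

STATEMENT_TAGS = ("select", "insert", "update", "delete")
DOLLAR_SUBST = re.compile(r"\$\{([^}]*)\}")   # ${expr}; #{expr} is not matched


def find_string_substitutions(mapper_xml: str) -> list[dict]:
    """Return every ${...} substitution found in the mapper's SQL statements.

    Each hit records the statement id and the OGNL expression inside ${...}.
    itertext() walks nested dynamic-SQL tags (<if>, <where>, ...) as well.
    """
    root = ET.fromstring(mapper_xml)
    hits = []
    for stmt in root:
        if stmt.tag not in STATEMENT_TAGS:
            continue
        sql_text = "".join(stmt.itertext())
        for match in DOLLAR_SUBST.finditer(sql_text):
            hits.append({"statement": stmt.get("id"),
                         "expr": match.group(1).strip()})
    return hits


if __name__ == "__main__":
    for hit in find_string_substitutions(SAMPLE_MAPPER):
        print(f"{hit['statement']}: ${{{hit['expr']}}} is substituted as raw SQL "
              f"- verify this value cannot be set from a request")
```

Every hit needs a human check: a `${}` that only ever receives server-generated text is fine, while one bound to a request-populated map (as with params[dataScope] above) is injectable. Since a SQL fragment cannot simply be switched to `#{}`, the fix for such a case is to make sure the value is never taken from the request.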