Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[security vulnerability] SQL injection #178

Open
GatekeeperBuster opened this issue Apr 3, 2024 · 0 comments
Open

[security vulnerability] SQL injection #178

GatekeeperBuster opened this issue Apr 3, 2024 · 0 comments

Comments

@GatekeeperBuster
Copy link

Recently, our team found a security vulnerability in the latest version of the project, which has led to the risk of SQL injection, potentially causing severe information leakage. The vulnerability lies within the method: src/main/java/com/paascloud/provider/web/mall/MallAuthRestController.java#queryProductList.
image

Developers, while operating the SQL statement through : the src/main/java/com/paascloud/provider/service/MdcProductService.java.selectByNameAndCategoryIds() method, directly concatenated the input "orderBy" parameter to the SQL statement "SELECT * from pc_mdc_product where order by ${orderBy}" using the "${orderBy}" syntax.
image

This means that attackers could control the "orderBy" parameter to execute SQL injection attacks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant