vulnerability #513

Open
slasher-B opened this issue May 26, 2022 · 0 comments

@slasher-B
1.

SQL injection

Don't rely too much on MyBatis Generator; it brings SQL injection.

In addition, receiving parameters with "${}" will prevent MyBatis from executing SQL in precompiled form; this leads to SQL injection risk.

2.

SSRF

In org.linlinjava.litemall.core.qcode.QCodeService#drawPicture, pushing an unchecked URL into ImageIO.read will cause SSRF. There are two sources that can flow to this sink.

3.

Jackson deserialization

The version of Jackson used in the project is vulnerable, and multiple sources can flow to the sink in org.linlinjava.litemall.core.util.JacksonUtil#toMap.

Through unsafe deserialization, you can call org.linlinjava.litemall.db.util.DbUtil#backup by reflection and inject custom commands into the String db, finally causing RCE.
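As an added illustration of the mitigation for item 2 (not code from litemall or from the reporter): a guard that a caller such as QCodeService#drawPicture could run before handing a URL to ImageIO.read. The class name, the allowlist host and the method are assumptions made for this example.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.util.Set;

// Hypothetical SSRF guard for a remote-image fetch (example code, not litemall's).
public final class RemoteImageUrlGuard {

    // Constructed allowlist: the only host(s) the service is expected to fetch images from.
    private static final Set<String> ALLOWED_HOSTS = Set.of("cdn.example.com");

    // Returns true only if the URL is https, has no credentials, points at an
    // allowlisted host, and that host resolves solely to public addresses.
    public static boolean isSafe(String raw) {
        final URI uri;
        try {
            uri = new URI(raw);
        } catch (URISyntaxException e) {
            return false;                       // unparsable input is rejected
        }
        String scheme = uri.getScheme();
        if (scheme == null || !scheme.equalsIgnoreCase("https")) return false;
        if (uri.getUserInfo() != null) return false;   // reject user:pass@host tricks
        String host = uri.getHost();
        if (host == null || !ALLOWED_HOSTS.contains(host.toLowerCase())) return false;
        try {
            // Check every resolved address, not just the first one.
            for (InetAddress addr : InetAddress.getAllByName(host)) {
                if (addr.isLoopbackAddress() || addr.isSiteLocalAddress()
                        || addr.isLinkLocalAddress() || addr.isAnyLocalAddress()
                        || addr.isMulticastAddress()) {
                    return false;               // internal network target
                }
            }
        } catch (UnknownHostException e) {
            return false;
        }
        return true;
    }

    public static void main(String[] args) {
        // Both constructed inputs are rejected before any DNS lookup happens.
        System.out.println(isSafe("http://127.0.0.1:8080/"));        // false: not https
        System.out.println(isSafe("https://attacker.example/x.png")); // false: not allowlisted
    }
}
```

The resolve-then-fetch check still leaves a DNS rebinding window, so in production the fetch should reuse the vetted address (or go through an egress proxy) rather than resolving the host a second time.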
