SQL injection vulnerability in linlinjava litemall v.1.8.0 allows a remote attacker to obtain sensitive information via the goodsId, goodsSn, name parameters of the AdminOrderController.java component.
1. Steps to reproduce
Open Goods Management, enter 1 in the Nickname field, click Query, and capture the request:

GET /admin/order/list?page=1&limit=20&nickname=1*&consignee=1&orderSn=1&sort=add_time&order=desc&start=&end= HTTP/1.1
Host: 172.20.10.11:9527
Accept: application/json, text/plain, */*
X-Litemall-Admin-Token: 31d38891-ae04-441e-8b2b-7f90371b030e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.111 Safari/537.36
Referer: http://172.20.10.11:9527/
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=31d38891-ae04-441e-8b2b-7f90371b030e; X-Litemall-Admin-Token=31d38891-ae04-441e-8b2b-7f90371b030e
Connection: close
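The report does not show the query behind /admin/order/list, so what follows is an added illustration of the bug class rather than litemall's own code: a list endpoint whose nickname filter is pasted into the SQL string, next to a version that binds the value as a parameter, escapes LIKE wildcards, and allowlists the sort/order column names that the same request also carries. Python with sqlite3 stands in for the project's Java/MyBatis stack; the table, rows, column names and injected nickname are constructed for this example and are not taken from litemall.

```python
import sqlite3

# Constructed stand-in for an order table; schema and rows are assumptions
# for illustration only, not litemall's real schema.
SAMPLE_ORDERS = [
    (1, "alice", "Alice", "20230901000001"),
    (2, "bob", "Bob", "20230901000002"),
    (3, "carol", "Carol", "20230901000003"),
]

# Column names and directions that the endpoint is allowed to sort by.
ALLOWED_SORT_COLUMNS = {"add_time", "id", "order_sn"}
ALLOWED_ORDER = {"asc", "desc"}

# Constructed tautology payload for the nickname filter.  In the vulnerable
# builder it closes the LIKE literal and re-opens it after an always-true clause.
INJECTED_NICKNAME = "x%' OR '1'='1' OR nickname LIKE '"


def make_db():
    """Create an in-memory table holding the constructed sample orders."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE litemall_order ("
        "id INTEGER, nickname TEXT, consignee TEXT, order_sn TEXT, add_time INTEGER)"
    )
    conn.executemany(
        "INSERT INTO litemall_order VALUES (?, ?, ?, ?, ?)",
        [(i, n, c, s, i) for i, n, c, s in SAMPLE_ORDERS],
    )
    return conn


def list_orders_vulnerable(conn, nickname, sort="add_time", order="desc"):
    """Filter built by string concatenation: the nickname value becomes SQL."""
    sql = (
        "SELECT id, nickname FROM litemall_order "
        "WHERE nickname LIKE '%" + nickname + "%' "
        "ORDER BY " + sort + " " + order
    )
    return conn.execute(sql).fetchall()


def escape_like(value):
    """Escape LIKE metacharacters so a user value matches literally."""
    return value.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def list_orders_safe(conn, nickname, sort="add_time", order="desc"):
    """Bound parameter for the value; allowlist for identifiers that cannot be bound."""
    if sort not in ALLOWED_SORT_COLUMNS or order.lower() not in ALLOWED_ORDER:
        raise ValueError("unexpected sort/order value")
    sql = (
        "SELECT id, nickname FROM litemall_order "
        "WHERE nickname LIKE ? ESCAPE '\\' "
        f"ORDER BY {sort} {order}"
    )
    pattern = "%" + escape_like(nickname) + "%"
    return conn.execute(sql, (pattern,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, honest input:", list_orders_vulnerable(db, "ali"))
    print("vulnerable, injected input:", list_orders_vulnerable(db, INJECTED_NICKNAME))
    print("safe, honest input:", list_orders_safe(db, "ali"))
    print("safe, injected input:", list_orders_safe(db, INJECTED_NICKNAME))
```

With the injected nickname the concatenated version returns every row, the bound version returns nothing because the quotes and wildcards are matched literally, and a sort value outside the allowlist is rejected before any SQL is built. In a MyBatis mapper the same distinction is `#{nickname}` (a bound parameter) versus `${nickname}` (text substitution); `${}` on a request-controlled value is the first thing to grep for when triaging a report like this one.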