Vulnerability Risk
It can lead to the leakage of sensitive information from the database.
Vulnerability Reproduction
@Router /api/v1/role [post]
Set the roleKey field in the request body of this API to a blind SQL injection payload:
The backend code first writes this payload to the role_key field of the sys_role table. Later, when writing to the sys_role_menu table or the casbin_rule table, it references this role_key field, which leads to a secondary (or second-order) SQL injection.
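An added illustration of the second-order pattern described above, not code from the project or from this report: an in-memory SQLite stand-in for sys_role and sys_role_menu stores a roleKey safely at the first hop, then a later lookup splices the stored value into a new query by string formatting. The parameterised lookup and an allowlist check on roleKey show the fix; the table layout and the sample value are constructed assumptions.

```python
import re
import sqlite3

# Constructed in-memory stand-in for the sys_role and sys_role_menu tables
# named in the report; the column layout is an assumption, not the project's.
SCHEMA = """
CREATE TABLE sys_role (role_id INTEGER PRIMARY KEY, role_key TEXT);
CREATE TABLE sys_role_menu (role_key TEXT, menu_id INTEGER);
INSERT INTO sys_role_menu VALUES ('admin', 1), ('admin', 2), ('auditor', 3);
"""

# Constructed sample roleKey containing a quote (illustrative only).
TAINTED_ROLE_KEY = "guest' OR '1'='1"

ROLE_KEY_RE = re.compile(r"^[A-Za-z0-9_]{1,64}$")


def is_valid_role_key(value: str) -> bool:
    """Allowlist check for the POST /api/v1/role handler (defence in depth)."""
    return bool(ROLE_KEY_RE.fullmatch(value))


def setup() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    # First hop: a parameterised INSERT stores the value verbatim; nothing
    # breaks here, which is why the problem is easy to miss in review.
    conn.execute("INSERT INTO sys_role (role_key) VALUES (?)", (TAINTED_ROLE_KEY,))
    conn.commit()
    return conn


def _stored_role_key(conn: sqlite3.Connection, role_id: int) -> str:
    row = conn.execute("SELECT role_key FROM sys_role WHERE role_id = ?", (role_id,)).fetchone()
    return row[0]


def menus_for_role_vulnerable(conn: sqlite3.Connection, role_id: int) -> list:
    # Second hop: the stored role_key is trusted and spliced into a new query,
    # so the quote inside it rewrites the WHERE clause and every row leaks.
    sql = "SELECT menu_id FROM sys_role_menu WHERE role_key = '%s'" % _stored_role_key(conn, role_id)
    return sorted(r[0] for r in conn.execute(sql))


def menus_for_role_fixed(conn: sqlite3.Connection, role_id: int) -> list:
    # Bind the stored value as a parameter: it is compared as data, never parsed as SQL.
    sql = "SELECT menu_id FROM sys_role_menu WHERE role_key = ?"
    return sorted(r[0] for r in conn.execute(sql, (_stored_role_key(conn, role_id),)))
```

The same binding rule applies to the later casbin_rule write: a value that was stored safely must still be bound, not formatted, every time it is reused in SQL.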