CVE-2020-8158 PoC — TypeORM SQL注入漏洞

Source

https://github.com/dajneem23/CVE-2020-8158

Associated Vulnerability

Title:TypeORM SQL注入漏洞 (CVE-2020-8158)
Description:TypeORM（TypeORM）是一个优秀的 Node.js ORM 框架。该软件的目标是保持支持最新的 Javascript 特性；拥有以下功能:（1）提供表的一对一，多对一，一对多，多对多关系处理；（2）来帮助开发各种用户数据库的应用 - 不管是轻应用还是企业级的。可以实现（3）根据模型自动创建数据库表；（4）可以透明的插入/更新/删除数据库对象；（5）映射数据库 table 到 Javascript 对象，映射表列到 Javascript 对象属性。 TypeORM 中存在SQL注入漏洞。该漏洞源于

Description

This is a proof-of-concept demonstrating CVE-2020-8158, a critical prototype pollution vulnerability in TypeORM versions < 0.2.25.

File Snapshot


 None

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!