koa2-blog v1.0.0 SQL injection vulnerability
Closed this issue · 0 comments
jiguangsdf commented
A SQL injection was discovered in koa2-blog 1.0.0. There is a SQL injection vulnerability which allows remote attackers to inject a malicious SQL statement into a server via:
POST http://127.0.0.1:3000/signin
Vulnerability code
// Find a user by name
exports.findDataByName = ( name ) => {
  let _sql = `select * from users where name="${name}";`
  return query( _sql)
}
POC
Trigger the SQL injection vulnerability via signin; we can see that the injected statement executed successfully and the page response timed out for 5s
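For comparison, the statement construction from the report next to a parameterized form, as an added example that is not part of the original issue or of koa2-blog's own code. The `query` stub, `vulnerableStatement` and `safeStatement` are hypothetical names, and the `?` placeholder assumes the project's helper forwards a values array to the mysql driver's `connection.query(sql, values, callback)`.

```javascript
// Hypothetical stand-in for the project's query() helper: it records what
// would be handed to the driver so the example runs without a database.
const query = (sql, values = []) => Promise.resolve({ sql, values });

// Statement construction as shown in the issue: name is spliced into the
// SQL text, so a quote character in the input changes the statement itself.
const vulnerableStatement = (name) => ({
  sql: `select * from users where name="${name}";`,
  values: [],
});

// Parameterized construction: the SQL text is a constant and the name
// travels separately as a bound value that the driver escapes.
const safeStatement = (name) => {
  // Reject non-strings: the mysql driver expands an object bound to `?`
  // into `key = value` pairs, which would alter the WHERE clause.
  if (typeof name !== 'string' || name.length === 0) {
    throw new TypeError('name must be a non-empty string');
  }
  return { sql: 'select * from users where name = ?;', values: [name] };
};

// Drop-in shape for the exported function; an async function turns the
// validation error into a rejected promise for the caller to handle.
const findDataByName = async (name) => {
  const { sql, values } = safeStatement(name);
  return query(sql, values);
};

// Constructed inputs: a plain name and one containing a double quote.
const samples = ['alice', 'a"b'];

function compare() {
  return samples.map((name) => ({
    name,
    vulnerableSql: vulnerableStatement(name).sql,
    safeSql: safeStatement(name).sql,
    bound: safeStatement(name).values[0],
  }));
}

console.table(compare());
```

In the vulnerable column the SQL text differs per input, and the quote in the second sample closes the string literal early; in the parameterized column the text is identical for both.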