【issues/4393】解决使用参数tableName=sys_user t&复测,漏洞仍然存在

pull/5216/merge
zhangdaiscott 1 year ago
parent 05181754bb
commit 0bc7e0967d

@ -1,6 +1,5 @@
package org.jeecg.modules.system.security; package org.jeecg.modules.system.security;
import org.jeecg.common.constant.CommonConstant;
import org.jeecg.common.constant.SymbolConstant; import org.jeecg.common.constant.SymbolConstant;
import org.jeecg.common.util.oConvertUtils; import org.jeecg.common.util.oConvertUtils;
import org.jeecg.common.util.security.AbstractQueryBlackListHandler; import org.jeecg.common.util.security.AbstractQueryBlackListHandler;
@ -52,9 +51,14 @@ public class DictQueryBlackListHandler extends AbstractQueryBlackListHandler {
*/ */
private String getTableName(String str) { private String getTableName(String str) {
String[] arr = str.split("\\s+(?i)where\\s+"); String[] arr = str.split("\\s+(?i)where\\s+");
// sys_user , (sys_user), sys_user%20, %60sys_user%60 issues/4393 String tableName = arr[0];
//【20230814】解决使用参数tableName=sys_user t&复测,漏洞仍然存在
if (tableName.contains(" ")) {
tableName = tableName.substring(0, tableName.indexOf(" "));
}
//【issues/4393】 sys_user , (sys_user), sys_user%20, %60sys_user%60
String reg = "\\s+|\\(|\\)|`"; String reg = "\\s+|\\(|\\)|`";
return arr[0].replaceAll(reg, ""); return tableName.replaceAll(reg, "");
} }
} }
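Review bot: The new alias-stripping guard `if (tableName.contains(" "))` only matches a literal U+0020, so a table name followed by a tab, newline or other whitespace (`sys_user\tt`) passes the guard intact and the `\\s+` alternative in `reg` then collapses it to `sys_usert` — the same concatenation this commit sets out to block, and presumably (the comparison lives in `AbstractQueryBlackListHandler`, not shown here) enough to miss the blacklist. A leading space has the opposite failure: `indexOf(" ")` returns 0 and the extracted name becomes `""`. Both cases disappear if the first whitespace-delimited token is taken with the same character class the regex already uses, replacing the three-line `if` with `tableName = tableName.trim().split("\\s+")[0];`. Since MySQL also treats `/**/` as a separator and none of the stripping here covers it, a positive identifier check such as `tableName.matches("[A-Za-z0-9_]+")` that rejects anything else would be a sturdier basis for the blacklist compare than character removal — worth confirming against how the superclass consumes the returned name.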
