SQL注入 #5173

2023-08-16 09:40:40 +08:00 · 2023-08-16 09:40:40 +08:00 · d36caf8c69
parent e6bd2d5009
commit d36caf8c69
1 changed files with 6 additions and 5 deletions
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/security/DictQueryBlackListHandler.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/security/DictQueryBlackListHandler.java
@ -64,14 +64,15 @@ public class DictQueryBlackListHandler extends AbstractQueryBlackListHandler {
     */
    private String getTableName(String str) {
        String[] arr = str.split("\\s+(?i)where\\s+");
-        String tableName = arr[0];
+        String tableName = arr[0].trim();
        //【20230814】解决使用参数tableName=sys_user t&复测，漏洞仍然存在
-        if (tableName.contains(" ")) {
-            tableName = tableName.substring(0, tableName.indexOf(" "));
-        }
        if (tableName.contains(".")) {
-            tableName = tableName.substring(tableName.indexOf(".")+1, tableName.length());
+            tableName = tableName.substring(tableName.indexOf(".")+1, tableName.length()).trim();
        }
+        if (tableName.contains(" ")) {
+            tableName = tableName.substring(0, tableName.indexOf(" ")).trim();
+        }
+        
        //【issues/4393】 sys_user , (sys_user), sys_user%20, %60sys_user%60
        String reg = "\\s+|\\(|\\)|`";
        return tableName.replaceAll(reg, "");